Date: Fri, 20 Apr 2012 16:56:50 +0200 (CEST)
From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
To: Frank Lanitz <frank@frank.uvena.de>
Cc: freebsd-questions@freebsd.org
Subject: Re: Does 9.0-stable installer support full disc encryption
Message-ID: <alpine.BSF.2.00.1204201649480.96314@wojtek.tensor.gdynia.pl>
In-Reply-To: <4F912A7D.2010106@frank.uvena.de>
References: <4F912A7D.2010106@frank.uvena.de>
>
> Wasn't able to find something about this: Do I have a chance to do
> direct installation of a FreeBSD into a full encrypted environment where
> not only /home, but also e.g. /usr is encrypted? Currently I've got such

as i always say the best installer is no installer, as it supports everything you want exactly because YOU do the (simple) installation steps as you want.

Actually except the really first time i tried FreeBSD, i never used it. both old sysinstall and new that i even don't know as i don't compile it.

REALLY - grab some usable self-contained DVD/CD/pendrive that boots into complete FreeBSD, add compressed install files (may be like distro or your own), then just make partitions, newfs then, perform bsdlabel -B (or gpart), and unpack.

or make partitions, geli init+geli attach right one, newfs and unpack.

if you want ALL encrypted then:

- make very small /b partition like 100-200 megs unencrypted
- after unpacking from your / partition move /boot to /b/boot, then make a link /boot -> b/boot
- in loader.conf add

  vfs.root.mountfrom="ufs:yourrootpartition"

  ex.

  vfs.root.mountfrom="ufs:ada0d.eli"

with standard generic kernel you need

  geom_eli_load="YES"

in loader.conf too

after all works compile your kernel, make sure GEOM_ELI is compiled in (no need for module), and - if you have one of the latest intel CPU, or one of the "less latest" VIA CPU apply a driver for hardware accelerated AES encryption.

speedup of encryption from 50MB/s to 2-3GB/s is quite normal :)

actually i usually encrypt everything on such hardware as encryption load is not noticeable.
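The /boot relocation and loader.conf steps listed in the message above, as an added shell example that is not part of the original post. It assumes the new root filesystem is already unpacked and mounted at a directory of your choice with the small unencrypted partition mounted at its b/ subdirectory; the function names and the /mnt mount point are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# set_loader_var FILE NAME VALUE
#   Replace or append NAME="VALUE" in a loader.conf-style file so that
#   rerunning the script never leaves duplicate or stale entries.
set_loader_var() {
    file=$1 name=$2 value=$3
    tmp="$file.tmp.$$"
    # Drop any existing line that starts with NAME= (literal match, no regex).
    awk -v n="$name=" 'index($0, n) != 1' "$file" > "$tmp" || return 1
    printf '%s="%s"\n' "$name" "$value" >> "$tmp"
    mv "$tmp" "$file"
}

# relocate_boot ROOT PROVIDER
#   ROOT     - mount point of the unpacked (encrypted) root filesystem,
#              with the small unencrypted partition mounted at ROOT/b
#   PROVIDER - geli provider holding the root filesystem, e.g. ada0d.eli
relocate_boot() {
    root=$1 provider=$2
    [ -d "$root/b" ] || { echo "missing $root/b" >&2; return 1; }
    case $provider in
        *.eli) ;;   # root must be mounted from the attached geli device
        *) echo "$provider is not a .eli provider" >&2; return 1 ;;
    esac
    # Move /boot only once; a rerun must not create b/boot/boot.
    if [ ! -L "$root/boot" ]; then
        [ -d "$root/boot" ] || { echo "no $root/boot to move" >&2; return 1; }
        [ ! -e "$root/b/boot" ] || { echo "$root/b/boot exists" >&2; return 1; }
        mv "$root/boot" "$root/b/boot" || return 1
        # Relative link, as in the message: /boot -> b/boot
        ln -s b/boot "$root/boot" || return 1
    fi
    conf="$root/b/boot/loader.conf"
    touch "$conf" || return 1
    # Needed with the standard generic kernel (GEOM_ELI not compiled in).
    set_loader_var "$conf" geom_eli_load YES || return 1
    set_loader_var "$conf" vfs.root.mountfrom "ufs:$provider"
}

# Usage (assumed mount point): relocate_boot /mnt ada0d.eli
```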
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1204201649480.96314>