From: Robert Simmons
To: freebsd-geom@freebsd.org
Date: Fri, 15 Jun 2012 16:22:18 -0400
Subject: Re: Pre-boot authentication / geli-aware bootcode

On Fri, Jun 15, 2012 at 5:31 AM, Alaksiej Carniajeu wrote:
> Hi,
>
> It's not possible. But, you could have your /boot on a bootable
> usbstick, together with some keyfiles, and start from it. From
> security point of view, it is even better, than the whole drive
> encryption TrueCrypt offers, because the former relies on password
> only.

This is what I thought. Now, if I wanted to add this functionality, I
would need to modify:
/head/sys/boot/i386/pmbr/pmbr.s
and
/head/sys/boot/i386/gptboot/gptboot.c

Right?