From: David Kreil
To: Jan Grant
Cc: David Kreil, cpghost, freebsd-questions@freebsd.org
Date: Sun, 18 Jul 2004 01:16:21 +0100
Subject: Re: "sanitizing" disks: wiping swap, non-allocated space, and file-tails

Dear Jan,

Thank you very much for your comments!

> > I wonder, in particular, how "system" directories like /var would be
> > kept on a gbde partition.
>
> Much like any other, but the major issue is that, unlike /tmp/ and swap
> (which can be wiped clean when a machine boots with no ill effects),
> other partitions need to persist. That means you need to do one of two
> things:
> 1. Be available when the machine boots to enter the keys to mount the
> persistent partitions; or

That's fine, that's what I consider a secure solution.

> 2. Store those keys somewhere so the machine can do it for you.
> If you choose (2) then you might as well not use an encrypted partition;

Yes :-)

So at what stage of boot-up and how do I make the volumes available,
prompting for the necessary passphrase? Does not the boot process write
into /var/log/* from the very beginning?

With many thanks again for your help and best regards,

David.

------------------------------------------------------------------------
Dr David Philip Kreil              ("`-''-/").___..--''"`-._
Research Fellow                    `6_ 6 ) `-. ( ).`-.__.`)
University of Cambridge            (_Y_.)' ._ ) `._ `. ``-..-'
++44 1223 764107, fax 333992       _..`--'_..-_/ /--'_.' ,'
www.inference.phy.cam.ac.uk/dpk20  (il),-'' (li),' ((!.-'