From owner-freebsd-hackers@FreeBSD.ORG Sun Jan 29 10:14:54 2006 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B492C16A426 for ; Sun, 29 Jan 2006 10:14:54 +0000 (GMT) (envelope-from oxy@field.hu) Received: from green.field.hu (green.field.hu [217.20.130.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id EE4EA43D4C for ; Sun, 29 Jan 2006 10:14:53 +0000 (GMT) (envelope-from oxy@field.hu) Received: from localhost (green.field.hu [217.20.130.28]) by green.field.hu (Postfix) with ESMTP id 814D411A50D for ; Sun, 29 Jan 2006 11:14:46 +0100 (CET) Received: from green.field.hu ([217.20.130.28]) by localhost (green.field.hu [217.20.130.28]) (amavisd-new, port 10024) with ESMTP id 02591-07 for ; Sun, 29 Jan 2006 11:14:46 +0100 (CET) Received: from oxy (dsl85-238-76-104.pool.tvnet.hu [85.238.76.104]) by green.field.hu (Postfix) with ESMTP id 42AA3119C90 for ; Sun, 29 Jan 2006 11:14:46 +0100 (CET) Message-ID: <000701c624bc$e0798630$0201a8c0@oxy> From: "OxY" To: Date: Sun, 29 Jan 2006 11:15:06 +0100 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-2"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2670 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 X-Virus-Scanned: by Amavisd-new (Spamassassin+Razor2+Pyzor+DCC+Bayes db, Clamd Antivirus) at field.hu Subject: Encrypting full disk with several slices X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Jan 2006 10:14:54 -0000 Hi! I would appreciate some help from you..i failed to find anything on google and manpages about this topic.. My goal is to encrypt my root partition with geli or gbde. First, I tried geli, man page said that it's ok to encrypt root partition (just leave unencrypted the /boot part, so i put it on other slice), but it's not so simple.. tried to encrypt the full disk first, then create the partitions and slices to be able to use just one key/pass, it's not so convinient to type 9 passwords per boot.. i used the cmds: # dd if=/dev/random of=/boot/ad2.key bs=64 count=1 # geli init -s 4096 -K /boot/ad2.key /dev/ad2 then partition the disk: created fdisk config file (which works on unencrypted partition) (just with test length, i know is's small :) p 1 165 1 8192 it said: length must be a multiple of sector size.. sector size is 4096, so dunno what's the matter..(tried with 16384, so on...) Now, i am thinking about first create partitions and slices, (ad2s1a,d,e,f,g ; ad2s2d,e,f,g) then encrypt them one-by-one ..my only problem is to how can i manage it to ask for one password when i boot.... Thank you and sorry for my poor english..