From owner-freebsd-questions@FreeBSD.ORG Thu Jul 29 12:35:31 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1C9DF1065678 for ; Thu, 29 Jul 2010 12:35:31 +0000 (UTC) (envelope-from lars+lister.freebsd@adventuras.no) Received: from mail.adventuras.no (mail.adventuras.no [194.63.250.215]) by mx1.freebsd.org (Postfix) with ESMTP id A174A8FC08 for ; Thu, 29 Jul 2010 12:35:30 +0000 (UTC) X-Spam-Status: No X-Adv-Watermark: 1281010806.75475@RGAVSyBdSqjCXlvufViP0g X-MailScanner-From: lars+lister.freebsd@adventuras.no X-Adventuras-SpamCheck: not spam, SpamAssassin (not cached, score=-4.002, required 6, autolearn=not spam, ALL_TRUSTED -1.00, AWL -1.10, BAYES_00 -1.90) X-Adventuras: du kan filtrere etter AdvSpamScore over 5-10 X-Adventuras-MailScanner-ID: o6TCJrGQ062612 Received: from [10.11.32.249] (hjem [84.215.98.132]) (authenticated bits=0) by mail.adventuras.no (8.14.4/8.14.3) with ESMTP id o6TCJrGQ062612 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Thu, 29 Jul 2010 14:19:57 +0200 (CEST) (envelope-from lars+lister.freebsd@adventuras.no) Message-ID: <4C5171E1.4040703@adventuras.no> Date: Thu, 29 Jul 2010 14:19:45 +0200 From: Lars Kristiansen User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; nb-NO; rv:1.9.2.7) Gecko/20100713 Thunderbird/3.1.1 MIME-Version: 1.0 To: Jozsi Vadkan References: <1280402779.4287.16.camel@localhost> In-Reply-To: <1280402779.4287.16.camel@localhost> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: FreeBSD Mailing list Subject: Re: encrypt whole system using zfs X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: lars+lister@adventuras.no List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Jul 2010 12:35:31 -0000 Den 29.07.2010 13:26, skrev Jozsi Vadkan: > With dm_crypt&lvm, i can install a Debian [in sraid1], that has only the > mbr& the "/boot" unencrypted. > > So if someone steals the server/hdds, it can't do anything to them. > That's ok. > > > I'm a newbie to FreeBSD, and I want to use it in the future. I'm looking > for these "features", that i mentioned above. > > So, if someone has a little time, can someone post just a few > howtos/links, how to do this? [i mean what is the "best-practise" for > this? - to encrypt the whole system/data. And e.g.: the /boot& the mbr > would stay unencrypted] > > e.g.: How to install a FreeBSD in encrypted ZFS [and ZFS does the > mirroring instead of RAID-1] > > Thank you! > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" Hi! The latest pcbsd does this. If you make a /boot partition, it will keep the keys there, and you may populate the geli encrypted area with zfs if you like. Even if pc-bsd is not your choice, an installation might be a nice tutorial in the subject. Regards, Lars