Date: Wed, 6 Mar 2019 00:04:42 +0100 From: Polytropon <freebsd@edvax.de> To: <su-@tutamail.com> Cc: <freebsd-questions@freebsd.org> Subject: Re: UFS Encrypted Automated Install Message-ID: <20190306000442.5f924c90.freebsd@edvax.de> In-Reply-To: <L_DQyxt--3-1@tutamail.com> References: <L_DQyxt--3-1@tutamail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 5 Mar 2019 16:19:13 +0100 (CET), su-@tutamail.com wrote: > Are there any plans to have an automated encrypted=A0 UFS install option > in the freebsd iso's (what encryption options were available prior to zfs= )=20 UFS does not have a native encryption mechanism. It has to be added by an additional layer, and GELI is the common suggestion, even though you can also use GDBE. More information here: https://www.freebsd.org/doc/handbook/disks-encrypting.html Don't be confused by the examples using the MBR slice + BSD partitions approach. It works the same for today's disks and SSDs with GPT. :-) You could probably do something like this: In the installer, drop to the command line and prepare the disk. Create the partitions and set the required flags; use "geli init", then "geli attach", and then use newfs with options as needed. Add a label with "newfs -L" if you wish. To check if everything works as intended, mount and umount the partition. Then return to the installer, _not_ using "geli detach". The installer should then be able to use /dev/ada0p1.eli as / partition. I have not tested this particular approach (mine are usually entirely scripted), but this should be possible with the current version of bsdinstall. Having a convenient option in bsdinstall to automate the tasks of preparing (initializing and attaching) target partition(s) for a system installation would be nice. --=20 Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190306000442.5f924c90.freebsd>