From: Polytropon
Organization: EDVAX
Date: Wed, 6 Mar 2019 00:04:42 +0100
Subject: Re: UFS Encrypted Automated Install
Message-Id: <20190306000442.5f924c90.freebsd@edvax.de>
List-Id: User questions (freebsd-questions@freebsd.org)

On Tue, 5 Mar 2019 16:19:13 +0100 (CET), su-@tutamail.com wrote:
> Are there any plans to have an automated encrypted UFS install option
> in the freebsd iso's (what encryption options were available prior to zfs)

UFS does not have a native encryption mechanism. It has to be
added by an additional layer, and GELI is the common suggestion,
even though you can also use GBDE. More information here:

https://www.freebsd.org/doc/handbook/disks-encrypting.html

Don't be confused by the examples using the MBR slice + BSD
partitions approach. It works the same for today's disks and
SSDs with GPT. :-)

You could probably do something like this:

In the installer, drop to the command line and prepare the
disk. Create the partitions and set the required flags; use
"geli init", then "geli attach", and then use newfs with
options as needed. Add a label with "newfs -L" if you wish.
To check if everything works as intended, mount and umount
the partition. Then return to the installer, _not_ using
"geli detach". The installer should then be able to use
/dev/ada0p1.eli as / partition.

I have not tested this particular approach (mine are usually
entirely scripted), but this should be possible with the
current version of bsdinstall.

Having a convenient option in bsdinstall to automate the
tasks of preparing (initializing and attaching) target
partition(s) for a system installation would be nice.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
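
The GELI steps described in the message above, written out as an added example (not part of the original message, and not a procedure its author tested). It runs as a dry run unless RUN=1 is set. Assumptions: the GPT partition already exists, and the label "rootfs", the mount point /mnt and the geli options shown are illustrative choices.

```sh
#!/bin/sh
# Added example: dry-run sketch of the GELI + UFS steps from the message.
# Assumptions (not from the message): the GPT partition already exists,
# the label "rootfs", mount point /mnt, and the geli options used below.

# Print each command; execute it only when RUN=1 (default is dry run).
step() {
    echo "+ $*"
    [ "${RUN:-0}" = 1 ] || return 0
    "$@"
}

# prepare_geli_ufs PROVIDER LABEL MOUNTPOINT
prepare_geli_ufs() {
    prov="$1"; label="$2"; mnt="$3"
    # Reject anything that is not a plain device name or label, so a typo
    # cannot point the destructive steps at an unintended path.
    case "$prov" in
        ""|*[!a-z0-9]*) echo "bad provider: $prov" >&2; return 1 ;;
    esac
    case "$label" in
        ""|*[!A-Za-z0-9_-]*) echo "bad label: $label" >&2; return 1 ;;
    esac
    # -b: ask for the passphrase at boot (assumed, for a root provider)
    # -e/-l/-s: AES-XTS, 256-bit key, 4096-byte sectors (assumed values)
    step geli init -b -e AES-XTS -l 256 -s 4096 "/dev/$prov" || return 1
    step geli attach "/dev/$prov" || return 1
    # In a real run the decrypted provider must now exist.
    if [ "${RUN:-0}" = 1 ] && [ ! -e "/dev/$prov.eli" ]; then
        echo "/dev/$prov.eli missing after attach" >&2; return 1
    fi
    step newfs -U -L "$label" "/dev/$prov.eli" || return 1
    # Mount and unmount once to confirm the file system is usable.
    step mount "/dev/$prov.eli" "$mnt" || return 1
    step umount "$mnt" || return 1
    # Deliberately no "geli detach": the installer needs the .eli provider.
    echo "leave /dev/$prov.eli attached and return to the installer"
}

# Dry run with the partition named in the message.
prepare_geli_ufs ada0p1 rootfs /mnt
```

With RUN=1, "geli init" and "geli attach" prompt for the passphrase interactively, and "geli init" overwrites any existing GELI metadata on the partition.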