From owner-freebsd-security@FreeBSD.ORG Wed Sep 6 21:00:37 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9322016A4F8; Wed, 6 Sep 2006 21:00:37 +0000 (UTC) (envelope-from steinex@nognu.de) Received: from shodan.nognu.de (shodan.nognu.de [85.14.216.230]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1C09743D6E; Wed, 6 Sep 2006 21:00:22 +0000 (GMT) (envelope-from steinex@nognu.de) Received: by shodan.nognu.de (Postfix, from userid 1002) id C2428B82C; Wed, 6 Sep 2006 23:00:21 +0200 (CEST) Date: Wed, 6 Sep 2006 23:00:21 +0200 From: Frank Steinborn To: freebsd-questions@freebsd.org, freebsd-security@freebsd.org Mail-Followup-To: freebsd-questions@freebsd.org, freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: mutt-ng/devel-r804 (FreeBSD) Message-Id: <20060906210021.C2428B82C@shodan.nognu.de> Cc: Subject: Getting GELI Keys from Floppy X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2006 21:00:37 -0000 Hello, i want to encrypt my HDD's with GELI (not the root-fs, though). I want to do the encryption without password, just with a key. The key should be stored in a floppy disk, and the read should be read automatically on boot, from the floppy. There is a problem here, because GELI initializes _before_ mounting the disks from /etc/fstab (for obvious reasons, of course). So GELI is not able to get the keys from the floppy and fails. So, any hints how I could get the floppy mounted _before_ GELI tries to initialize? Thanks in advance, Frank