From: John-Mark Gurney
To: ??????
Date: Mon, 24 Dec 2012 09:59:23 -0800
Subject: Re: keyfile on another HDD.
Message-ID: <20121224175923.GM1563@funkthat.com>
In-Reply-To: <2d5SYIH22zk1d03YPSv42Dfa@ngs.ru>
References: <20121223210221.GB1436@garage.freebsd.pl> <2d5SYIH22zk1d03YPSv42Dfa@ngs.ru>
Cc: freebsd-geom@freebsd.org
List-Id: GEOM-specific discussions and implementations

?????? wrote this message on Mon, Dec 24, 2012 at 11:37 +0300:
> ? ????? ?? ????????? ???????? Pawel Jakub Dawidek,
> ???????????? 2012-12-23 22:02:
>
> > > Is it possible to read key file from another HDD with FAT16 during
> > > system boot?
> >
> > I assume you are asking for GELI disk encryption?
> Sure. I'm sorry, I miss important information. I'm talking about
> encrypted with GELI root file system.

I was looking at this earlier this year. It is true that w/ how FreeBSD
is currently, you cannot load key files from another disk, but I believe
that with enough hacking, you can fix up the loader scripts to support
it...

The thing is, loader can do pretty much what you want, when you want
it... It should be possible, after the kernel is loaded, to set the
curdev field to your key file disk, load the keyfiles, and then possibly
set curdev back to your root file system (so that rootdev is correct),
and then boot... The hard part will be making it happen automatically...

I've not tried this myself, but I have in the past done strange things
like this to get kernel modules from another device loaded, and keyfiles
are similar...

> > would like to read key from a file for partition, which holds root file
> > system (so you need the key after the kernel is loaded, but before root
> > file system is mounted) then no, it is not currently possible. Key can
> :-(

-- 
John-Mark Gurney                Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."