Date: Mon, 24 Dec 2012 09:59:23 -0800 From: John-Mark Gurney <jmg@funkthat.com> To: ?????? <bloger@ngs.ru> Cc: freebsd-geom@freebsd.org Subject: Re: keyfile on another HDD. Message-ID: <20121224175923.GM1563@funkthat.com> In-Reply-To: <2d5SYIH22zk1d03YPSv42Dfa@ngs.ru> References: <VYf743db33az97Qyp04k05A8@ngs.ru> <20121223210221.GB1436@garage.freebsd.pl> <2d5SYIH22zk1d03YPSv42Dfa@ngs.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
?????? wrote this message on Mon, Dec 24, 2012 at 11:37 +0300:
> ? ????? ?? ????????? ???????? Pawel Jakub Dawidek,
> ???????????? 2012-12-23 22:02:
>
> > > Is it possible to read key file from another HDD with FAT16 during
> > > system boot?
> >
> > I assume you are asking for GELI disk encryption?
> Sure. I'm sorry, I miss important information. I'm talking about
> encrypted with GELI root files system.
I was looking at this earlier this year. It is true that w/ how FreeBSD
is currently, you cannot load key files from another disk, but I believe
that with enough hacking, you can fix up the loader scripts to support
it...
The thing is, loader can do pretty much what you want, when you want
it... It should be possible, after the kernel is loaded, to set the
curdev field to your key file disk, load the keyfiles, and then possibly
set curdev back to your root file system (so that rootdev is correct),
and then boot...
The hard part will be making it happen automaticly...
I've not tried this myself, but I have in the past done strange things
like this to get kernel modules from another device loaded, and keyfiles
are similar...
> > would like to read key from a file for partition, which holds root file
> > system (so you need the key after the kernel is loaded, but before root
> > file system is mounted) then no, it is not currently possible. Key can
> :-(
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121224175923.GM1563>