From: Jason Hellenthal
To: mahdieh salamat
Cc: freebsd-geom@freebsd.org
Date: Tue, 22 May 2012 11:25:33 -0400
Subject: Re: Lock FreeBSD partitions
Message-ID: <20120522152533.GA7139@DataIX.net>
List-Id: GEOM-specific discussions and implementations

On Tue, May 22, 2012 at 12:05:49AM -0700, mahdieh salamat wrote:
> Hi all. I don't know whether I should ask my question here or not. I want to
> lock my partitions by geli or gbde, but I want that after boot users aren't
> forced to enter the passphrase. In other words, the partitions are locked but
> it seems that they aren't locked. I need it for security, so that if anyone
> tries to mount the partitions by CD or flash, they can't do it.
> Thanks

You are best off using a USB thumb drive as a place of storage for
encryption keys with no passwords. As long as the thumb drive is
available and mounted then the keys will be available for the encrypted
partition to use.

The user could also keep a key in their home directory that would allow
them to mount the partition as well but only after the machine has been
booted and unencrypted by use of the USB thumb drive.

Just one way to look at it. Hope it helps.

-- 
 - (2^(N-1))
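
An added example, not part of the original message: a sketch of the keyfile-only geli setup the reply describes, with a second key slot as one reading of the "key in their home directory" suggestion. The provider name, key paths, user name and mount point are assumptions; the script only prints its commands unless DRY_RUN=0 is set.

```sh
#!/bin/sh
# Added example (not from the original message): geli provider keyed by a file
# on a USB thumb drive, with no passphrase. All names below are assumptions.
PROVIDER="${PROVIDER:-ada0p3}"                # partition to encrypt
KEYFILE="${KEYFILE:-/mnt/usbkey/ada0p3.key}"  # key on the mounted thumb drive
USERKEY="${USERKEY:-/home/alice/.ada0p3.key}" # optional second key for a user
MOUNTPOINT="${MOUNTPOINT:-/secure}"
DRY_RUN="${DRY_RUN:-1}"                       # 1 = print commands, 0 = run them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# One-time setup. Destroys existing data on the provider when DRY_RUN=0.
setup_provider() {
    run dd if=/dev/random of="$KEYFILE" bs=64 count=1
    run chmod 400 "$KEYFILE"
    run geli init -P -K "$KEYFILE" "/dev/$PROVIDER"     # -P: no passphrase
    run geli attach -p -k "$KEYFILE" "/dev/$PROVIDER"   # -p: no passphrase
    run newfs -U "/dev/${PROVIDER}.eli"
}

# Second key slot for the user's own keyfile; run while the provider is
# attached, so the existing key does not have to be supplied again.
add_user_key() {
    run dd if=/dev/random of="$USERKEY" bs=64 count=1
    run chmod 400 "$USERKEY"
    run geli setkey -n 1 -P -K "$USERKEY" "/dev/$PROVIDER"
}

# Boot-time unlock: without the thumb drive the key is absent and the
# provider stays encrypted, which is also what a live-CD boot would see.
unlock_provider() {
    if [ ! -r "$KEYFILE" ]; then
        echo "no key at $KEYFILE, /dev/$PROVIDER stays locked" >&2
        return 1
    fi
    run geli attach -p -k "$KEYFILE" "/dev/$PROVIDER"
    run mount "/dev/${PROVIDER}.eli" "$MOUNTPOINT"
}

case "${1:-}" in
    setup)   setup_provider ;;
    userkey) add_user_key ;;
    unlock)  unlock_provider ;;
esac
```

With no passphrase on the key, whoever holds the thumb drive can attach the provider, so the protection against booting from a CD holds only while the key is kept off the encrypted machine's own disks.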