From: "Ronnel P. Maglasang"
Date: Tue, 02 Aug 2005 10:30:22 +0800
To: Alexander Leidinger
Cc: freebsd-hackers, Pawel Jakub Dawidek, freebsd-geom
Subject: Re: booting gbde-encrypted filesystem

What I had in mind is perhaps I could find a way to enter the
passphrase at the loader prompt, or configure the loader to get
the passphrase from an external device or hardcode the passphrase
in the bootloader (really insecure).

Alexander Leidinger wrote:

> Pawel Jakub Dawidek wrote:
>
>> This is not possible with current GBDE.
>> I've patches which allow this here:
>>
>> http://people.freebsd.org/~pjd/patches/gbde.patch
>
> I fail to see how this allows an encrypted root-FS, it doesn't add gbde
> support to boot0(ext) or to the loader. It needs access to an unencrypted
> kernel. I don't think this is what Ronnel had in mind (overlooking the
> fact that his suggestion to save the passphrase in the loader is insecure).
>
> Bye,
> Alexander.