From: RW
To: freebsd-questions@freebsd.org
Subject: Re: Full disk encryption without root partition
Date: Sun, 30 Dec 2012 12:55:25 +0000

On Sun, 30 Dec 2012 10:34:51 +0100
David Demelier wrote:

> I think a good idea would be to store the key directly in the
> bootloader, but that needs a large enough partition scheme that can
> store the bootloader (boot0 or boot1) plus the encryption key.
> However this needs to add support for that in both boot files and
> will be bigger.

I'm not sure what you are trying to say, but the master key is already
in the metadata and putting user keys on the disk would render the
encryption pointless.