From owner-freebsd-security@FreeBSD.ORG Fri Jun 15 13:39:03 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (unknown [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7AC781065673 for ; Fri, 15 Jun 2012 13:39:03 +0000 (UTC) (envelope-from azet@azet.org) Received: from mail-wg0-f42.google.com (mail-wg0-f42.google.com [74.125.82.42]) by mx1.freebsd.org (Postfix) with ESMTP id 0B2D08FC0C for ; Fri, 15 Jun 2012 13:39:02 +0000 (UTC) Received: by wgbds11 with SMTP id ds11so545245wgb.1 for ; Fri, 15 Jun 2012 06:39:02 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding:x-gm-message-state; bh=zOXgvX8F6rsHlSYtbc0zrnkoFS4EUQRQYB3fThqNyig=; b=McSRPpMSWw4rhjFNzHM6kJ5598bLdDg1P010I565kUsFYPXSVOi84u1S5qluEFWd9M yeB+7ZH3ZD/bycqy9Bpfktxc8h+ktQDHwaXDNXII6Bi0HRhso0rnJpRXben0+u0i5YmL tWu6zJdQrLmSxIjZdsCmZyUbzkCup6m54ytdT6lhs4Uo5/uLKuPZzaPkbzem32z2xXbV mDy22YvUV6bF379FhEKcJQa9tZhSZu0Fmf71mKeXZydKPUwji3RXyV2HY/6nopIsUg5I efG+anllzAKACpo9E+hi7/Ev958UuCQ5LrjBcX0Zs7aGtxFUNzCl9tk7x2Hgnrf4Q9/H ngvA== MIME-Version: 1.0 Received: by 10.180.80.74 with SMTP id p10mr4694050wix.10.1339767541877; Fri, 15 Jun 2012 06:39:01 -0700 (PDT) Received: by 10.194.32.6 with HTTP; Fri, 15 Jun 2012 06:39:01 -0700 (PDT) In-Reply-To: References: Date: Fri, 15 Jun 2012 15:39:01 +0200 Message-ID: From: Aaron Zauner To: freebsd-security@freebsd.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Gm-Message-State: ALoCoQmlHGZRM1Kvi/RwHNfYixtqXBOg8WwyY+Kf+/De0jQS5KsOHSNTn67OCntrvle3MANzEoJQ Subject: Re: Pre-boot authentication / geli-aware bootcode X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jun 2012 13:39:03 -0000 AFAIK you'd need something similary to initrd (http://en.wikipedia.org/wiki/Initrd), which, to the best of my knowledge, does not currently exist in freebsd. so long, azet On Mon, Jun 11, 2012 at 2:21 AM, Robert Simmons wrote= : > Would it be possible to make FreeBSD's bootcode aware of geli encrypted v= olumes? > > I would like to enter the password and begin decryption so that the > kernel and /boot are inside the encrypted volume. =C2=A0Ideally the only > unencrypted area of the disk would be the gpt protected mbr and the > bootcode. > > I know that Truecrypt is able to do something like this with its > truecrypt boot loader, is something like this possible with FreeBSD > without using Truecrypt? > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g"