Date: Tue, 10 Apr 2012 19:06:11 -0400
From: Robert Simmons <rsimmons0@gmail.com>
To: Fa bio <fa-h-2007@hotmail.com>
Cc: rwmaillists@googlemail.com, freebsd-geom@freebsd.org
Subject: Re: Automatic Geli?
Message-ID: <CA%2BQLa9AF2DA59XnsvZveZv9LKRnn3EO%2BV5NKqnpCSOeTL58tvA@mail.gmail.com>
In-Reply-To: <COL115-W65E46CF80A4ACB0C467E84A5340@phx.gbl>
References: <COL115-W4014B9D06091DFE170C09BA5370@phx.gbl> <20120410231423.3a45e6d2@gumby.homeunix.com> <COL115-W65E46CF80A4ACB0C467E84A5340@phx.gbl>
On Tue, Apr 10, 2012 at 6:25 PM, Fa bio <fa-h-2007@hotmail.com> wrote:
>
> Hello!
>
> The idea is: you can run the system but you cannot access the sources
> inside it, which is very interesting when you work with PHP, for example.
>
> So, when the machine is off nobody can read data from it because it is encrypted.
>
> When you turn the machine on it automatically enters a passphrase or key
> which is hidden somewhere that we cannot detect! Amazing!
>
> My guess is that the keys/passphrase are compiled inside the kernel, so
> it's quite impossible to access it, but at the same time you can use the
> system!
>
> I used the system without internet access and it mounted the partition
> ok! That's why I think that the "magic" is in the kernel!
>
> Any ideas how it's done?

There are two options:

1) The key is in a file on the CD.
2) It is using geli onetime.

The first choice above is stupid. Every copy of the software is therefore using the same key. If you want to have a key that you don't enter a passphrase for at boot: create the geli provider yourself, and have the key on a removable device. When the machine is booting, the device is available. When it is done, you remove your device with the key and store it somewhere safe. You can use a USB drive or a CD for this.

The second choice above is more likely. The cache software that the OP mentioned would most likely be best served using geli onetime, which makes sense. If you want to read about geli onetime check the man page:
http://www.freebsd.org/cgi/man.cgi?query=geli
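
The two setups described in the reply above, sketched as an added example that is not part of the original message or of the FreeBSD documentation. The provider names (`/dev/da1`, `/dev/ada0p3`), the mount point `/mnt/usbkey`, the helper function names and the `DRY_RUN` switch are assumptions made for illustration; the `geli` flags are those documented in geli(8).

```shell
#!/bin/sh
# Added example: provider names, mount point and key path are assumptions.
# DRY_RUN=1 (the default) prints each command instead of executing it.

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Option A: persistent provider unlocked by a keyfile on removable media.
# -P / -p: no passphrase component; -K / -k: keyfile to use.
init_with_keyfile() {   # $1 = provider, $2 = keyfile on the removable device
    run dd if=/dev/random of="$2" bs=64 count=1 &&
    run geli init -P -K "$2" -s 4096 "$1"
}

attach_with_keyfile() { # $1 = provider, $2 = keyfile
    # Fail closed when the USB stick or CD holding the key is not mounted.
    if [ ! -r "$2" ]; then
        echo "keyfile $2 not readable; is the key device mounted?" >&2
        return 1
    fi
    run geli attach -p -k "$2" "$1"
}

# Option B: ephemeral provider. geli onetime uses a random key that is never
# stored, so the contents are unrecoverable after detach or reboot.
# Suitable for swap, caches and scratch space only.
attach_onetime() {      # $1 = provider
    run geli onetime -s 4096 "$1"
}

main() {
    init_with_keyfile   /dev/da1 /mnt/usbkey/da1.key
    attach_with_keyfile /dev/da1 /mnt/usbkey/da1.key || true
    attach_onetime      /dev/ada0p3
}

main
```

With option A the data is only as safe as the removable device: anyone holding the keyfile can attach the provider, so the key must leave the machine once boot has finished.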