Date:      Fri, 15 Jun 2012 10:04:43 -0400
From:      Matt Piechota <piechota@argolis.org>
To:        freebsd-security@freebsd.org
Subject:   Re: Pre-boot authentication / geli-aware bootcode
Message-ID:  <4FDB40FB.2090806@argolis.org>
In-Reply-To: <CAN8NK9Entdnp=rmjZ%2BhG4L7A7UrJyqj%2BPM0_oMv4Pfw--53H%2BQ@mail.gmail.com>
References:  <CA%2BQLa9Aec82k24YL46dU3zgbozTa8Qmis%2Bn14JpdZAemnaFZfw@mail.gmail.com> <CAN8NK9Entdnp=rmjZ%2BhG4L7A7UrJyqj%2BPM0_oMv4Pfw--53H%2BQ@mail.gmail.com>

On 06/15/2012 09:39 AM, Aaron Zauner wrote:
> AFAIK you'd need something similar to initrd
> (http://en.wikipedia.org/wiki/Initrd), which, to the best of my
> knowledge, does not currently exist in freebsd.
>

Even that leaves the initrd (and /boot) unencrypted (as in Linux). The 
Windowsy ones I've seen appear to load the decryption driver right out 
of the MBR and work from there. I haven't done detailed investigation on 
it, but I think TrueCrypt does work this way and is FOSS (although with 
their own license that requires attribution and whatnot).
http://www.truecrypt.org/legal/license

-- 
Matt Piechota



