Date: Fri, 15 Jun 2012 18:42:15 +0300 From: Gleb Kurtsou <gleb.kurtsou@gmail.com> To: Aaron Zauner <azet@azet.org> Cc: freebsd-security@freebsd.org Subject: Re: Pre-boot authentication / geli-aware bootcode Message-ID: <20120615154215.GA5269@reks.swifttest.com> In-Reply-To: <CAN8NK9Entdnp=rmjZ%2BhG4L7A7UrJyqj%2BPM0_oMv4Pfw--53H%2BQ@mail.gmail.com> References: <CA%2BQLa9Aec82k24YL46dU3zgbozTa8Qmis%2Bn14JpdZAemnaFZfw@mail.gmail.com> <CAN8NK9Entdnp=rmjZ%2BhG4L7A7UrJyqj%2BPM0_oMv4Pfw--53H%2BQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On (15/06/2012 15:39), Aaron Zauner wrote: > AFAIK you'd need something similary to initrd > (http://en.wikipedia.org/wiki/Initrd), which, to the best of my > knowledge, does not currently exist in freebsd. FreeBSD well supports booting from memory disk which can be either embedded in kernel itself or loaded by boot loader. I think Robert meant extending loader(8) to load and boot kernel from geli encrypted file system. Thanks, Gleb. > > so long, > azet > > On Mon, Jun 11, 2012 at 2:21 AM, Robert Simmons <rsimmons0@gmail.com> wrote: > > Would it be possible to make FreeBSD's bootcode aware of geli encrypted volumes? > > > > I would like to enter the password and begin decryption so that the > > kernel and /boot are inside the encrypted volume. Ideally the only > > unencrypted area of the disk would be the gpt protected mbr and the > > bootcode. > > > > I know that Truecrypt is able to do something like this with its > > truecrypt boot loader, is something like this possible with FreeBSD > > without using Truecrypt? > > _______________________________________________ > > freebsd-security@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-security > > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120615154215.GA5269>