From: Gleb Kurtsou
To: Aaron Zauner
Cc: freebsd-security@freebsd.org
Date: Fri, 15 Jun 2012 18:42:15 +0300
Subject: Re: Pre-boot authentication / geli-aware bootcode
Message-ID: <20120615154215.GA5269@reks.swifttest.com>

On (15/06/2012 15:39), Aaron Zauner wrote:

> AFAIK you'd need something similar to initrd
> (http://en.wikipedia.org/wiki/Initrd), which, to the best of my
> knowledge, does not currently exist in FreeBSD.

FreeBSD well supports booting from a memory disk, which can be either
embedded in the kernel itself or loaded by the boot loader. I think Robert
meant extending loader(8) to load and boot the kernel from a geli
encrypted file system.

Thanks,
Gleb.

>
> so long,
> azet
>
> On Mon, Jun 11, 2012 at 2:21 AM, Robert Simmons wrote:
> > Would it be possible to make FreeBSD's bootcode aware of geli encrypted volumes?
> >
> > I would like to enter the password and begin decryption so that the
> > kernel and /boot are inside the encrypted volume. Ideally the only
> > unencrypted area of the disk would be the gpt protected mbr and the
> > bootcode.
> >
> > I know that Truecrypt is able to do something like this with its
> > truecrypt boot loader, is something like this possible with FreeBSD
> > without using Truecrypt?
> > _______________________________________________
> > freebsd-security@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-security
> > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"