From owner-freebsd-questions@FreeBSD.ORG  Sat Jul 17 14:26:09 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B836616A4CE
	for <freebsd-questions@freebsd.org>;
	Sat, 17 Jul 2004 14:26:09 +0000 (GMT)
Received: from dirg.bris.ac.uk (dirg.bris.ac.uk [137.222.10.102])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4422943D39
	for <freebsd-questions@freebsd.org>;
	Sat, 17 Jul 2004 14:26:09 +0000 (GMT)
	(envelope-from Jan.Grant@bristol.ac.uk)
Received: from mail.ilrt.bris.ac.uk ([137.222.16.62])
	by dirg.bris.ac.uk with esmtp (Exim 4.34)
	id 1Blq8c-0004nz-V7; Sat, 17 Jul 2004 15:26:08 +0100
Received: from cmjg (helo=localhost)
	by mail.ilrt.bris.ac.uk with local-esmtp (Exim 4.34)
	id 1Blq60-0003lx-6r; Sat, 17 Jul 2004 15:23:24 +0100
Date: Sat, 17 Jul 2004 15:23:24 +0100 (BST)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
X-X-Sender: cmjg@mail.ilrt.bris.ac.uk
To: David Kreil <kreil@ebi.ac.uk>
In-Reply-To: <200407170204.i6H24iT16753@puffin.ebi.ac.uk>
Message-ID: <Pine.GSO.4.61.0407171520120.12724@mail.ilrt.bris.ac.uk>
References: <200407170204.i6H24iT16753@puffin.ebi.ac.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: Jan Grant <Jan.Grant@bristol.ac.uk>
X-Spam-Score: 0.0
X-Spam-Level: /
cc: cpghost <cpghost@cordula.ws>
cc: freebsd-questions@freebsd.org
Subject: Re: "sanitizing" disks: wiping swap, non-allocated space, and 
 file-tails
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Jul 2004 14:26:09 -0000

On Sat, 17 Jul 2004, David Kreil wrote:

> I wonder, in particular, how "system" directories like /var would be 
> kept on a gdbe partition.

Much like any other, but the major issue is that, unlike /tmp/ and swap 
(which can be wiped clean when a machine boots with no ill effects), 
other partitions need to persist. That means you need to do one of two 
things:
1. Be available when the machine boots to enter the keys to mount the 
persistent partitions; or
2. Store those keys somewhere so the machine can do it for you.
If you choose (2) then you might as well not use an encrypted partition; 
secure use needs human intervention.

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
If it's broken really badly - don't fix it either.