Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 4 Feb 2005 18:06:17 +0100
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Allan Fields <bsd@afields.ca>
Cc:        freebsd-geom@freebsd.org
Subject:   Re: -k/-K options for gbde(8).
Message-ID:  <20050204170617.GG27596@darkness.comp.waw.pl>
In-Reply-To: <20050204150453.GB59632@afields.ca>
References:  <20050203230430.GD27596@darkness.comp.waw.pl> <20050204150453.GB59632@afields.ca>
next in thread | previous in thread | raw e-mail | index | archive | help 

--hK8Uo4Yp55NZU70L
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Feb 04, 2005 at 10:04:53AM -0500, Allan Fields wrote:
+> On Fri, Feb 04, 2005 at 12:04:30AM +0100, Pawel Jakub Dawidek wrote:
+> > Hi.
+> >=20
+> > Patch below implement -k/-K/-N options from the gbde(8)-TODO list:
+> >=20
+> > 	http://people.freebsd.org/~pjd/patches/gbde.3.patch
+>=20
+> It seems in a previous life now.. I had also done a similar patch,
+> it's on the list a while back and have updated since.
+>=20
+> Since then, I looked at various ways gbde(8) could be improved,
+> expanded the TODO list, and started work on encrypted root support
+> (Going from memory: phk and I discussed various options and concluded it
+> best to implement an optional signature in metadata for gbde volumes
+> to be detected and auto-mounted at boot before init I believe.)
[...]

I done this some time ago. You have to have /boot/ directory on e.g.
bootable USB device and BDE providers in loader.conf
(in kern.geom.bde.providers tunable).

On boot it will ask for the passphrase before root is mounted:

	http://people.freebsd.org/~pjd/patches/gbde.patch

Poul-Henning suggested that taste mechanism should be used instead of
tunable, which should be quite easy to implement.

--=20
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

--hK8Uo4Yp55NZU70L
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFCA6uJForvXbEpPzQRAoMRAKCZOv0j8/wlmbT/nNbZbznZ9JDM7gCeKsYN
sB7N4rd7sbmPEqhJUG4+qfg=
=Nr5s
-----END PGP SIGNATURE-----

--hK8Uo4Yp55NZU70L--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050204170617.GG27596>