From: Pawel Jakub Dawidek
To: Allan Fields
Cc: freebsd-geom@freebsd.org
Date: Fri, 4 Feb 2005 18:06:17 +0100
Message-ID: <20050204170617.GG27596@darkness.comp.waw.pl>
Subject: Re: -k/-K options for gbde(8).

On Fri, Feb 04, 2005 at 10:04:53AM -0500, Allan Fields wrote:
+> On Fri, Feb 04, 2005 at 12:04:30AM +0100, Pawel Jakub Dawidek wrote:
+> > Hi.
+> >
+> > Patch below implements -k/-K/-N options from the gbde(8)-TODO list:
+> >
+> > http://people.freebsd.org/~pjd/patches/gbde.3.patch
+>
+> It seems in a previous life now.. I had also done a similar patch,
+> it's on the list a while back and have updated since.
+>
+> Since then, I looked at various ways gbde(8) could be improved,
+> expanded the TODO list, and started work on encrypted root support
+> (Going from memory: phk and I discussed various options and concluded it
+> best to implement an optional signature in metadata for gbde volumes
+> to be detected and auto-mounted at boot before init I believe.)
[...]

I did this some time ago. You have to have /boot/ directory on e.g. bootable
USB device and BDE providers in loader.conf (in kern.geom.bde.providers
tunable). On boot it will ask for the passphrase before root is mounted:

http://people.freebsd.org/~pjd/patches/gbde.patch

Poul-Henning suggested that taste mechanism should be used instead of tunable,
which should be quite easy to implement.

--
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!