From owner-freebsd-geom@FreeBSD.ORG  Fri Nov 11 15:08:36 2005
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
X-Original-To: freebsd-geom@freebsd.org
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1A86616A41F
	for <freebsd-geom@freebsd.org>; Fri, 11 Nov 2005 15:08:36 +0000 (GMT)
	(envelope-from mailing@digital.nonspace.net)
Received: from v00058.home.net.pl (data.pl [212.85.96.58])
	by mx1.FreeBSD.org (Postfix) with SMTP id 38A1343D46
	for <freebsd-geom@freebsd.org>; Fri, 11 Nov 2005 15:08:34 +0000 (GMT)
	(envelope-from mailing@digital.nonspace.net)
Received: from localhost (dot.data@home@127.0.0.1)
	by matrix01.home.net.pl with SMTP; Fri, 11 Nov 2005 15:08:30 -0000
Date: Fri, 11 Nov 2005 16:07:27 +0100
From: Michal Bartkowiak <mailing@digital.nonspace.net>
To: freebsd-geom@freebsd.org
Message-Id: <20051111160727.0d07dfd7.mailing@digital.nonspace.net>
X-Mailer: Sylpheed version 1.0.6 (GTK+ 1.2.10; i386-portbld-freebsd5.4)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: encrypting root partition with geli
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Nov 2005 15:08:36 -0000

Hello,

I know that geli is well suited for encrypting root partition (with -b
option) but I don't get how to exactly achive this, because befeore
initialization there is filesystem present and this partition is filled
with data.. can I simply use init argument on it?
Or should I create additional partition, copy all files from / to this
new one, initialize it and after rebooting delete old? I'll be really
happy if someone could give me some hints or even detailed solution.

My second question is about /boot directory - both unencrypted on usb
device and encrypted from root partiotion should be exactly the same?

And finally how to encrypt more than one partiotion with the same
passphrase assuming that one of them is root partiotion and I want all
of them to be mounted at boot time (so passphrase should be entered
just once)?

Thanks for all suggestions and replies,
Michal Bartkowiak