Date: Tue, 18 Jan 2011 22:55:02 +0100 (CET)
From: User Wojtek <wojtek@wojtek.tensor.gdynia.pl>
To: freebsd-questions@freebsd.org
Subject: Re: harddrive encryption
Message-ID: <alpine.BSF.2.00.1101182254520.1191@wojtek.tensor.gdynia.pl>
no at installation if you use standard installer.

as i don't use standard installer at all, i don't have such a problem. i use any bootable FreeBSD media (actually my own made pendrive), and then make labels, do newfs, mount, unpack files etc.

if you can't do that then you may follow my advice

install as usual, but make partitions like

a: root - 10-20GB
b: swap - as you need
d: rest - don't allow to directory install on a and b.

then after booting your system, and building and installing your kernel with GEOM_ELI inside:

geli init -s 2048 (or 4096 whatever fragment size you plan) /dev/ad0d (or ada0d or how is your disk named).
geli attach /dev/ad0d
newfs <options here> /dev/ad0d.eli
mount /dev/ad0d.eli /mnt
cd /mnt
tar --exclude /usr -cf - /|tar xpf -

so you have copied all data except /usr to /mnt

then edit /mnt/etc/fstab
make ad0d.eli as root and ad0a as /usr

then edit /mnt/boot/loader.conf
add
vfs.root.mountfrom="ad0d.eli"

then reboot to single user mode

after booting
/sbin/mount /usr - should mount fine
cd /usr
ls

and delete with rm -rf everything except usr subdirectory

then
mv usr/* .
rm -rf usr
cd /
rm -rf boot
ln -s /usr/boot .

then press CTRL-D and you have your encrypted system up.

You don't have /usr encrypted as your software packages are not secret data. /usr is a: partition so bootloader boots from here. /usr/boot is linked to /boot to make it accessible for system programs as usual.

but your /usr/local/etc may be secret so

cd /usr/local
mv etc /etc/local
ln -s /etc/local etc

this is how i configure my system everywhere i use geli.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1101182254520.1191>
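
An added example, not part of the original message: a small check that lists which fstab entries still sit on non-geli providers after the procedure above and confirms that loader.conf points the root at a .eli device. The sample fstab and loader.conf are constructed to match the message's layout (ad0d.eli as root, ad0a as /usr, ad0b as swap); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an fstab/loader.conf pair for the layout in the message.
# Sample files are constructed; device names follow the message.

# Print "<mountpoint-or-swap> <device>" for every fstab entry whose device is
# not a geli provider (name does not end in .eli). Comment lines are skipped.
plaintext_entries() {
    awk '
        $1 ~ /^#/ || NF < 3 { next }
        $1 ~ /\.eli$/       { next }
        $3 == "swap"        { print "swap", $1; next }
        $3 == "ufs"         { print $2, $1 }
    ' "$1"
}

# Succeed only if loader.conf sets vfs.root.mountfrom to a .eli device.
root_is_geli() {
    grep -Eq '^vfs\.root\.mountfrom="[^"]*\.eli"' "$1"
}

# Write the constructed sample files into the directory given as $1.
write_samples() {
    cat > "$1/fstab" <<'EOF'
# Device        Mountpoint  FStype  Options  Dump  Pass#
/dev/ad0d.eli   /           ufs     rw       1     1
/dev/ad0a       /usr        ufs     rw       2     2
/dev/ad0b       none        swap    sw       0     0
EOF
    cat > "$1/loader.conf" <<'EOF'
vfs.root.mountfrom="ad0d.eli"
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    plaintext_entries "$d/fstab"
    root_is_geli "$d/loader.conf" && echo "root: geli provider"
    rm -rf "$d"
}
demo
```

With this layout the check reports /usr, which the message leaves unencrypted on purpose, and swap, where pages of memory are written in the clear. On FreeBSD, naming the swap device with a .eli suffix in fstab makes the system attach it with a one-time geli key at boot.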