From owner-freebsd-questions@FreeBSD.ORG  Tue Jun 19 20:00:53 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 80DC41065680
	for <questions@freebsd.org>; Tue, 19 Jun 2012 20:00:53 +0000 (UTC)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Received: from wojtek.tensor.gdynia.pl (wojtek.tensor.gdynia.pl [89.206.35.99])
	by mx1.freebsd.org (Postfix) with ESMTP id CAAD08FC12
	for <questions@freebsd.org>; Tue, 19 Jun 2012 20:00:52 +0000 (UTC)
Received: from wojtek.tensor.gdynia.pl (localhost [127.0.0.1])
	by wojtek.tensor.gdynia.pl (8.14.5/8.14.5) with ESMTP id q5JK0e4H028523;
	Tue, 19 Jun 2012 22:00:40 +0200 (CEST)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Received: from localhost (wojtek@localhost)
	by wojtek.tensor.gdynia.pl (8.14.5/8.14.5/Submit) with ESMTP id
	q5JK0eLi028520; Tue, 19 Jun 2012 22:00:40 +0200 (CEST)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Date: Tue, 19 Jun 2012 22:00:40 +0200 (CEST)
From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
To: Dmitry Reznichenko <inc@rdmitry.name>
In-Reply-To: <4FE0C909.1000304@rdmitry.name>
Message-ID: <alpine.BSF.2.00.1206192158530.98802@wojtek.tensor.gdynia.pl>
References: <4FE0C909.1000304@rdmitry.name>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.7
	(wojtek.tensor.gdynia.pl [127.0.0.1]);
	Tue, 19 Jun 2012 22:00:40 +0200 (CEST)
Cc: questions@freebsd.org
Subject: Re: Question about GEOM_ELI` root partition automount
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jun 2012 20:00:53 -0000

> The problem need to solve:
> Need have end system, when keyfile when boot will be created automatically, 
> and erased securelly just after root crypto` partition mounts (by dd with 
> of=keyfile, for example)
> That need to do because freebsd have remote hosting.
>
> Needs:
> To make key not (at least EASELY!) catched by unautorised personnel, and 
> noone cat pass password there after reboot or power fail/restore cases.
>
> Maby you can give me tip, what pard of src (and maby how, maby /boot/loader 
> src) need to change?

how do you want to enter that key?

i would make system bootable and ssh-able but with secure data unmounted 
and very small malloc based md device created. then you upload keyfile to 
it, run geli to attach encrypted device, overwrite md device and destroy 
md device.

if i understand correctly.