From: Allan Jude
Date: Sun, 22 Mar 2015 19:26:12 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r46363 - head/en_US.ISO8859-1/books/handbook/disks

Author: allanjude
Date: Sun Mar 22 19:26:11 2015
New Revision: 46363
URL: https://svnweb.freebsd.org/changeset/doc/46363

Log:
  Update handbook to remove references to obsolete rc.conf variable: geli_swap_flags

  PR: 197755
  Differential Revision: https://reviews.freebsd.org/D2094
  Submitted by: Christian Kujau (request)
  Reviewed by: wblock
  Approved by: bcr (mentor)
  Sponsored by: ScaleEngine Inc.

Modified:
  head/en_US.ISO8859-1/books/handbook/disks/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/disks/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/disks/chapter.xml Sun Mar 22 00:11:50 2015 (r46362) +++ head/en_US.ISO8859-1/books/handbook/disks/chapter.xml Sun Mar 22 19:26:11 2015 (r46363) @@ -2878,7 +2878,7 @@ geli_da2_flags="-p -k /root/This section demonstrates how to configure an encrypted swap partition using &man.gbde.8; or &man.geli.8; encryption. It assumes a UFS file system where - /dev/ad0s1b is the swap partition. + /dev/ada0s1b is the swap partition. Configuring Encrypted Swap 
@@ -2888,34 +2888,73 @@ geli_da2_flags="-p -k /root/ - &prompt.root; dd if=/dev/random of=/dev/ad0s1b bs=1m + &prompt.root; dd if=/dev/random of=/dev/ada0s1b bs=1m To encrypt the swap partition using &man.gbde.8;, add the .bde suffix to the swap line in /etc/fstab: # Device Mountpoint FStype Options Dump Pass# -/dev/ad0s1b.bde none swap sw 0 0 +/dev/ada0s1b.bde none swap sw 0 0 To instead encrypt the swap partition using &man.geli.8;, use the .eli suffix: # Device Mountpoint FStype Options Dump Pass# -/dev/ad0s1b.eli none swap sw 0 0 +/dev/ada0s1b.eli none swap sw 0 0 By default, &man.geli.8; uses the AES - algorithm with a key length of 128 bit. These defaults can be - altered by using geli_swap_flags in - /etc/rc.conf. The following flags - configure encryption using the Blowfish algorithm with a key - length of 128 bits and a sectorsize of 4 kilobytes, and sets - detach on last close: + algorithm with a key length of 256 bits. These defaults can + be altered in the options field in + /etc/fstab. The possible flags + are: + + + + aalgo + + Data integrity verification algorithm used to ensure + that the encrypted data has not been tampered with. See + &man.geli.8; for a list of supported algorithms. + + + + + ealgo + + Encryption algorithm used to protect the data. See + &man.geli.8; for a list of supported algorithms. + + + + + keylen + + The length of the key used for the encryption + algorithm. See &man.geli.8; for the key lengths that + are supported by each encryption algorithm. + + + + + sectorsize + + The size of the blocks data is broken into before + it is encrypted. Larger sector sizes increase + performance at the cost of higher storage + overhead. The recommended size is 4096 bytes. 
+ + + + + This example configures an encryped swap partition using + the Blowfish algorithm with a key length of 128 bits and a + sectorsize of 4 kilobytes: - geli_swap_flags="-e blowfish -l 128 -s 4096 -d" + # Device Mountpoint FStype Options Dump Pass# +/dev/ada0s1b.eli none swap sw,ealgo=blowfish,keylen=128,sectorsize=4096 0 0 - Refer to the description of onetime in - &man.geli.8; for a list of possible options. @@ -2929,13 +2968,13 @@ geli_da2_flags="-p -k /root/&prompt.user; swapinfo Device 1K-blocks Used Avail Capacity -/dev/ad0s1b.bde 542720 0 542720 0% +/dev/ada0s1b.bde 542720 0 542720 0% If &man.geli.8; is being used: &prompt.user; swapinfo Device 1K-blocks Used Avail Capacity -/dev/ad0s1b.eli 542720 0 542720 0% +/dev/ada0s1b.eli 542720 0 542720 0%
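
Review bot: The replacement example in the @@ -2888,34 +2888,73 @@ hunk silently drops detach on last close: the removed line passed "-d" and the removed prose said it "sets detach on last close", but the new options field (sw,ealgo=blowfish,keylen=128,sectorsize=4096) and the four-item flag list (aalgo, ealgo, keylen, sectorsize) have no equivalent and the text no longer mentions it. Please add a sentence saying whether that behaviour now applies without any option, or document how to request it from /etc/fstab, so readers migrating from geli_swap_flags know nothing was lost. In the same hunk, "encryped" in "This example configures an encryped swap partition" should read "encrypted". The example also selects Blowfish with keylen=128 immediately after the text states that the default is AES with a key length of 256 bits; a short remark that these values only illustrate the option syntax would keep readers from copying settings weaker than the default.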