Date: Sun, 22 Mar 2015 19:26:12 +0000 (UTC)
From: Allan Jude <allanjude@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r46363 - head/en_US.ISO8859-1/books/handbook/disks
Message-ID: <201503221926.t2MJQCVT067217@svn.freebsd.org>
Author: allanjude Date: Sun Mar 22 19:26:11 2015 New Revision: 46363 URL: https://svnweb.freebsd.org/changeset/doc/46363 Log: Update handbook to remove references to obsolete rc.conf variable: geli_swap_flags PR: 197755 Differential Revision: https://reviews.freebsd.org/D2094 Submitted by: Christian Kujau (request) Reviewed by: wblock Approved by: bcr (mentor) Sponsored by: ScaleEngine Inc. Modified: head/en_US.ISO8859-1/books/handbook/disks/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/disks/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/disks/chapter.xml Sun Mar 22 00:11:50 2015 (r46362) +++ head/en_US.ISO8859-1/books/handbook/disks/chapter.xml Sun Mar 22 19:26:11 2015 (r46363) @@ -2878,7 +2878,7 @@ geli_da2_flags="-p -k /root/<replaceable <para>This section demonstrates how to configure an encrypted swap partition using &man.gbde.8; or &man.geli.8; encryption. It assumes a <acronym>UFS</acronym> file system where - <filename>/dev/ad0s1b</filename> is the swap partition.</para> + <filename>/dev/ada0s1b</filename> is the swap partition.</para> <sect2> <title>Configuring Encrypted Swap</title> 
@@ -2888,34 +2888,73 @@ geli_da2_flags="-p -k /root/<replaceable the current swap partition with random garbage, execute the following command:</para> - <screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/<replaceable>ad0s1b</replaceable> bs=1m</userinput></screen> + <screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/<replaceable>ada0s1b</replaceable> bs=1m</userinput></screen> <para>To encrypt the swap partition using &man.gbde.8;, add the <literal>.bde</literal> suffix to the swap line in <filename>/etc/fstab</filename>:</para> <programlisting># Device Mountpoint FStype Options Dump Pass# -/dev/ad0s1b.bde none swap sw 0 0</programlisting> +/dev/ada0s1b.bde none swap sw 0 0</programlisting> <para>To instead encrypt the swap partition using &man.geli.8;, use the <literal>.eli</literal> suffix:</para> <programlisting># Device Mountpoint FStype Options Dump Pass# -/dev/ad0s1b.eli none swap sw 0 0</programlisting> +/dev/ada0s1b.eli none swap sw 0 0</programlisting> <para>By default, &man.geli.8; uses the <acronym>AES</acronym> - algorithm with a key length of 128 bit. These defaults can be - altered by using <literal>geli_swap_flags</literal> in - <filename>/etc/rc.conf</filename>. The following flags - configure encryption using the Blowfish algorithm with a key - length of 128 bits and a sectorsize of 4 kilobytes, and sets - <quote>detach on last close</quote>:</para> + algorithm with a key length of 256 bits. These defaults can + be altered in the options field in + <filename>/etc/fstab</filename>. The possible flags + are:</para> + + <variablelist> + <varlistentry> + <term>aalgo</term> + <listitem> + <para>Data integrity verification algorithm used to ensure + that the encrypted data has not been tampered with. See + &man.geli.8; for a list of supported algorithms.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ealgo</term> + <listitem> + <para>Encryption algorithm used to protect the data. 
See + &man.geli.8; for a list of supported algorithms.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>keylen</term> + <listitem> + <para>The length of the key used for the encryption + algorithm. See &man.geli.8; for the key lengths that + are supported by each encryption algorithm.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>sectorsize</term> + <listitem> + <para>The size of the blocks data is broken into before + it is encrypted. Larger sector sizes increase + performance at the cost of higher storage + overhead. The recommended size is 4096 bytes.</para> + </listitem> + </varlistentry> + </variablelist> + + <para>This example configures an encryped swap partition using + the Blowfish algorithm with a key length of 128 bits and a + sectorsize of 4 kilobytes:</para> - <programlisting>geli_swap_flags="-e blowfish -l 128 -s 4096 -d"</programlisting> + <programlisting># Device Mountpoint FStype Options Dump Pass# +/dev/ada0s1b.eli none swap sw,ealgo=blowfish,keylen=128,sectorsize=4096 0 0</programlisting> - <para>Refer to the description of <literal>onetime</literal> in - &man.geli.8; for a list of possible options.</para> </sect2> <sect2> @@ -2929,13 +2968,13 @@ geli_da2_flags="-p -k /root/<replaceable <screen>&prompt.user; <userinput>swapinfo</userinput> Device 1K-blocks Used Avail Capacity -/dev/ad0s1b.bde 542720 0 542720 0%</screen> +/dev/ada0s1b.bde 542720 0 542720 0%</screen> <para>If &man.geli.8; is being used:</para> <screen>&prompt.user; <userinput>swapinfo</userinput> Device 1K-blocks Used Avail Capacity -/dev/ad0s1b.eli 542720 0 542720 0%</screen> +/dev/ada0s1b.eli 542720 0 542720 0%</screen> </sect2> </sect1>
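Review bot: The device rename from ad0s1b to ada0s1b in the introductory paragraph of the first hunk (@@ -2878,7 +2878,7), repeated in the dd, fstab and swapinfo examples further down, is not covered by the log message, which only mentions removing geli_swap_flags. Add a line to the log saying the example device was updated, or commit the rename separately, so the history explains why every example in the section changed.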
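Review bot: "encryped" in the added paragraph that introduces the Blowfish example (second hunk, @@ -2888,34 +2888,73) should be "encrypted". In the same hunk the stated default key length changes from 128 to 256 bits, and the -d flag with its "detach on last close" wording and the pointer to onetime in &man.geli.8; are dropped, none of which the log message mentions; either record these in the log or say in the text whether detach on last close still applies when the options come from /etc/fstab. The example also sets ealgo=blowfish,keylen=128 immediately after the text states that the default is AES with 256 bits, so a reader who copies the line ends up with a shorter key than the default; consider an example that keeps the default strength and varies only sectorsize, or add a sentence marking the values as illustrative. Finally, the new variablelist documents aalgo but the example never uses it, so a reader has no sample of its syntax in the options field.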