Date: Fri, 15 Jun 2012 12:31:51 +0300 From: Alaksiej Carniajeu <ac@belngo.info> To: Robert Simmons <rsimmons0@gmail.com> Cc: freebsd-geom@freebsd.org Subject: Re: Pre-boot authentication / geli-aware bootcode Message-ID: <CAHsZcQEsQU1M8Q%2B2uP%2Bk%2B4Q%2BykE67YsD3e9bM6cRBfha2c6QiA@mail.gmail.com> In-Reply-To: <CA%2BQLa9ChmAL=qr00oV=hW=j0GDrS3rQWyNaVH=f3cszS%2Bm1GAg@mail.gmail.com> References: <CA%2BQLa9ChmAL=qr00oV=hW=j0GDrS3rQWyNaVH=f3cszS%2Bm1GAg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, It's not possible. But, you could have your /boot on a bootable usbstick, together with some keyfiles, and start from it. From security point of view, it is even better, than the whole drive encryption TrueCrypt offers, because the former relies on password only. On Fri, Jun 15, 2012 at 2:33 AM, Robert Simmons <rsimmons0@gmail.com> wrote= : > I posted this question to security, but all I got back was the sound > of crickets... > > Would it be possible to make FreeBSD's bootcode aware of geli encrypted v= olumes? > > I would like to enter the password and begin decryption so that the > kernel and /boot are inside the encrypted volume. =A0Ideally the only > unencrypted area of the disk would be the gpt protected mbr and the > bootcode. > > I know that Truecrypt is able to do something like this with its > truecrypt boot loader, is something like this possible with FreeBSD > without using Truecrypt? > _______________________________________________ > freebsd-geom@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-geom > To unsubscribe, send any mail to "freebsd-geom-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHsZcQEsQU1M8Q%2B2uP%2Bk%2B4Q%2BykE67YsD3e9bM6cRBfha2c6QiA>