Date:      Fri, 15 Jun 2012 12:31:51 +0300
From:      Alaksiej Carniajeu <ac@belngo.info>
To:        Robert Simmons <rsimmons0@gmail.com>
Cc:        freebsd-geom@freebsd.org
Subject:   Re: Pre-boot authentication / geli-aware bootcode
Message-ID:  <CAHsZcQEsQU1M8Q%2B2uP%2Bk%2B4Q%2BykE67YsD3e9bM6cRBfha2c6QiA@mail.gmail.com>
In-Reply-To: <CA%2BQLa9ChmAL=qr00oV=hW=j0GDrS3rQWyNaVH=f3cszS%2Bm1GAg@mail.gmail.com>
References:  <CA%2BQLa9ChmAL=qr00oV=hW=j0GDrS3rQWyNaVH=f3cszS%2Bm1GAg@mail.gmail.com>

Hi,

It's not possible. But you could have your /boot on a bootable
USB stick, together with some keyfiles, and start from it. From a
security point of view, it is even better than the whole-drive
encryption TrueCrypt offers, because the former relies on a password
only.

On Fri, Jun 15, 2012 at 2:33 AM, Robert Simmons <rsimmons0@gmail.com> wrote:
> I posted this question to security, but all I got back was the sound
> of crickets...
>
> Would it be possible to make FreeBSD's bootcode aware of geli encrypted
> volumes?
>
> I would like to enter the password and begin decryption so that the
> kernel and /boot are inside the encrypted volume. Ideally the only
> unencrypted area of the disk would be the gpt protected mbr and the
> bootcode.
>
> I know that Truecrypt is able to do something like this with its
> truecrypt boot loader, is something like this possible with FreeBSD
> without using Truecrypt?
> _______________________________________________
> freebsd-geom@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-geom
> To unsubscribe, send any mail to "freebsd-geom-unsubscribe@freebsd.org"
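
Added example, not part of the original message: a sketch of the layout suggested in the reply, with /boot and a keyfile on the USB stick and the root filesystem on a geli provider that needs both the keyfile and a passphrase. The provider name ada0p2, the key path /boot/keys/ada0p2.key, a UFS root and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed example. Assumed names: ada0p2 (encrypted root partition),
# /boot/keys/ada0p2.key (keyfile stored on the USB stick), UFS root.

# Create a 64-byte random keyfile that only root can read.
make_keyfile() {            # $1 = keyfile path on the USB stick
    ( umask 077 && dd if=/dev/random of="$1" bs=64 count=1 2>/dev/null )
}

# Initialise the provider with keyfile AND passphrase (geli prompts for the
# passphrase because -P is not given). -b makes the kernel ask for the
# passphrase at boot, before root is mounted.
# FreeBSD only; this destroys existing data on the provider.
init_root() {               # $1 = provider, $2 = keyfile
    geli init -b -s 4096 -K "$2" "/dev/$1" &&
    geli attach -k "$2" "/dev/$1" &&
    newfs -U "/dev/$1.eli"
}

# Print the loader.conf lines for the stick's /boot: load the geli module,
# preload the keyfile for the provider, and mount root from the .eli device.
loader_conf() {             # $1 = provider, $2 = keyfile path seen by the loader
    p=$1
    k=$2
    cat <<EOF
geom_eli_load="YES"
geli_${p}_keyfile0_load="YES"
geli_${p}_keyfile0_type="${p}:geli_keyfile0"
geli_${p}_keyfile0_name="${k}"
vfs.root.mountfrom="ufs:/dev/${p}.eli"
EOF
}

# Typical order, run as root with the stick mounted on /mnt/usb (assumed path):
#   make_keyfile /mnt/usb/boot/keys/ada0p2.key
#   init_root ada0p2 /mnt/usb/boot/keys/ada0p2.key
#   loader_conf ada0p2 /boot/keys/ada0p2.key >> /mnt/usb/boot/loader.conf
```

With this layout the internal disk holds only ciphertext; the kernel, the loader and the keyfile leave with the stick.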


