From: Alaksiej Carniajeu
To: Robert Simmons
Cc: freebsd-geom@freebsd.org
Date: Fri, 15 Jun 2012 12:31:51 +0300
Subject: Re: Pre-boot authentication / geli-aware bootcode

Hi,

It's not possible. But you could have your /boot on a bootable USB stick,
together with some keyfiles, and start from it. From a security point of view,
it is even better than the whole-drive encryption TrueCrypt offers, because
the former relies on a password only.

On Fri, Jun 15, 2012 at 2:33 AM, Robert Simmons wrote:
> I posted this question to security, but all I got back was the sound
> of crickets...
>
> Would it be possible to make FreeBSD's bootcode aware of geli encrypted volumes?
>
> I would like to enter the password and begin decryption so that the
> kernel and /boot are inside the encrypted volume. Ideally the only
> unencrypted area of the disk would be the gpt protected mbr and the
> bootcode.
>
> I know that Truecrypt is able to do something like this with its
> truecrypt boot loader, is something like this possible with FreeBSD
> without using Truecrypt?
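
The layout suggested in the reply (/boot and keyfiles on a USB stick, encrypted root on the internal disk) could be configured as below. This is an added example, not part of the original thread; the provider name `ada0p3` and the key path `/boot/keys/ada0p3.key` are assumptions, and the loader variables follow the pattern documented in geli(8).

```conf
# /boot/loader.conf on the USB stick
# (added example; device and file names are assumptions)
#
# The provider is prepared beforehand with a keyfile plus a passphrase, e.g.:
#   dd if=/dev/random of=/boot/keys/ada0p3.key bs=64 count=1
#   geli init -b -s 4096 -K /boot/keys/ada0p3.key /dev/ada0p3
# -b marks the provider to be attached at boot (passphrase prompt before
#    root is mounted); -K mixes the keyfile into the user key, so both the
#    passphrase and the keyfile are needed to attach it.

geom_eli_load="YES"                                  # load the GELI class

# Preload the keyfile so the kernel can find it when attaching ada0p3
geli_ada0p3_keyfile0_load="YES"
geli_ada0p3_keyfile0_type="ada0p3:geli_keyfile0"
geli_ada0p3_keyfile0_name="/boot/keys/ada0p3.key"

# The root filesystem lives on the decrypted provider
vfs.root.mountfrom="ufs:/dev/ada0p3.eli"
```

With this layout the internal disk carries no loader, kernel or key material in the clear; the stick holds the keyfile and has to be kept physically safe.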