Date: Sun, 29 Jan 2006 11:26:29 +0100 From: Christian Brueffer <chris@unixpages.org> To: OxY <oxy@field.hu> Cc: freebsd-hackers@freebsd.org Subject: Re: Encrypting full disk with several slices Message-ID: <20060129102629.GA1731@haakonia.hitnet.RWTH-Aachen.DE> In-Reply-To: <000701c624bc$e0798630$0201a8c0@oxy> References: <000701c624bc$e0798630$0201a8c0@oxy>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Sun, Jan 29, 2006 at 11:15:06AM +0100, OxY wrote: > Hi! > > I would appreciate some help from you..i > failed to find anything on google and manpages about this topic.. > > My goal is to encrypt my root partition with geli or gbde. First, I tried > geli, man page said that it's ok to encrypt root partition (just leave > unencrypted > the /boot part, so i put it on other slice), but it's not so simple.. > > tried to encrypt the full disk first, then create the partitions and slices > to be able to use just one key/pass, it's not so convinient to type > 9 passwords per boot.. > i used the cmds: > > # dd if=/dev/random of=/boot/ad2.key bs=64 count=1 > # geli init -s 4096 -K /boot/ad2.key /dev/ad2 > > then partition the disk: > created fdisk config file (which works on unencrypted partition) (just with > test length, i know is's small :) > > p 1 165 1 8192 > > > it said: length must be a multiple of sector size.. > sector size is 4096, so dunno what's the matter..(tried with 16384, so > on...) > > Now, i am thinking about first create partitions and slices, > (ad2s1a,d,e,f,g ; ad2s2d,e,f,g) > then encrypt them one-by-one ..my only problem is to how can i manage it to > ask for one password when > i boot.... > > Thank you and sorry for my poor english.. > Take a look at the following talk which was held at EuroBSDCon and CCC last year: https://events.ccc.de/congress/2005/fahrplan/events/1139.en.html The paper is available on that site as well. - Christian -- Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFD3JhVbHYXjKDtmC0RAiI0AKDjRpRn6Jxm6ftPvdcEN5dCGUqerwCaA46k 7z0qAi5+Zj4lWgsgA+Yg1r8= =gUay -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060129102629.GA1731>