Date: Sun, 29 Jan 2006 11:26:29 +0100 From: Christian Brueffer <chris@unixpages.org> To: OxY <oxy@field.hu> Cc: freebsd-hackers@freebsd.org Subject: Re: Encrypting full disk with several slices Message-ID: <20060129102629.GA1731@haakonia.hitnet.RWTH-Aachen.DE> In-Reply-To: <000701c624bc$e0798630$0201a8c0@oxy> References: <000701c624bc$e0798630$0201a8c0@oxy>
next in thread | previous in thread | raw e-mail | index | archive | help
--liOOAslEiF7prFVr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jan 29, 2006 at 11:15:06AM +0100, OxY wrote: > Hi! >=20 > I would appreciate some help from you..i > failed to find anything on google and manpages about this topic.. >=20 > My goal is to encrypt my root partition with geli or gbde. First, I tried > geli, man page said that it's ok to encrypt root partition (just leave=20 > unencrypted > the /boot part, so i put it on other slice), but it's not so simple.. >=20 > tried to encrypt the full disk first, then create the partitions and slic= es > to be able to use just one key/pass, it's not so convinient to type > 9 passwords per boot.. > i used the cmds: >=20 > # dd if=3D/dev/random of=3D/boot/ad2.key bs=3D64 count=3D1 > # geli init -s 4096 -K /boot/ad2.key /dev/ad2 >=20 > then partition the disk: > created fdisk config file (which works on unencrypted partition) (just wi= th=20 > test length, i know is's small :) >=20 > p 1 165 1 8192 >=20 >=20 > it said: length must be a multiple of sector size.. > sector size is 4096, so dunno what's the matter..(tried with 16384, so=20 > on...) >=20 > Now, i am thinking about first create partitions and slices,=20 > (ad2s1a,d,e,f,g ; ad2s2d,e,f,g) > then encrypt them one-by-one ..my only problem is to how can i manage it = to=20 > ask for one password when > i boot.... >=20 > Thank you and sorry for my poor english.. >=20 Take a look at the following talk which was held at EuroBSDCon and CCC last year: https://events.ccc.de/congress/2005/fahrplan/events/1139.en.html The paper is available on that site as well. - Christian --=20 Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D --liOOAslEiF7prFVr Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFD3JhVbHYXjKDtmC0RAiI0AKDjRpRn6Jxm6ftPvdcEN5dCGUqerwCaA46k 7z0qAi5+Zj4lWgsgA+Yg1r8= =gUay -----END PGP SIGNATURE----- --liOOAslEiF7prFVr--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060129102629.GA1731>