Date: Sun, 29 Jan 2006 11:26:29 +0100
From: Christian Brueffer
To: OxY
Cc: freebsd-hackers@freebsd.org
Subject: Re: Encrypting full disk with several slices

On Sun, Jan 29, 2006 at 11:15:06AM +0100, OxY wrote:
> Hi!
>
> I would appreciate some help from you.. i
> failed to find anything on google and manpages about this topic..
>
> My goal is to encrypt my root partition with geli or gbde. First, I tried
> geli, man page said that it's ok to encrypt root partition (just leave
> unencrypted the /boot part, so i put it on other slice), but it's not so
> simple..
>
> tried to encrypt the full disk first, then create the partitions and slices
> to be able to use just one key/pass, it's not so convenient to type
> 9 passwords per boot..
> i used the cmds:
>
> # dd if=/dev/random of=/boot/ad2.key bs=64 count=1
> # geli init -s 4096 -K /boot/ad2.key /dev/ad2
>
> then partition the disk:
> created fdisk config file (which works on unencrypted partition) (just with
> test length, i know it's small :)
>
> p 1 165 1 8192
>
> it said: length must be a multiple of sector size..
> sector size is 4096, so dunno what's the matter..(tried with 16384, so
> on...)
>
> Now, i am thinking about first create partitions and slices,
> (ad2s1a,d,e,f,g ; ad2s2d,e,f,g)
> then encrypt them one-by-one ..my only problem is to how can i manage it to
> ask for one password when i boot....
>
> Thank you and sorry for my poor english..
>

Take a look at the following talk which was held at EuroBSDCon and CCC
last year:

https://events.ccc.de/congress/2005/fahrplan/events/1139.en.html

The paper is available on that site as well.

- Christian

--
Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org
GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D