Date: Fri, 1 Sep 2006 01:05:44 +1000
From: "Gary Newcombe" <gary@pattersonsoftware.com>
To: <freebsd-geom@freebsd.org>
Subject: efs, geli, cd boot disk and a usb key.
Message-ID: <000001c6cd0e$ef4831c0$1f01a8c0@tosh>

Hello,

I have an older Toshiba Satellite (which doesn't boot from a USB key) on which I am trying to set up an encrypted filesystem using geli. Following the guides by Marc Schiesser and Adam Wood, I can get to a certain point, but not as far as I'd like.

I need to boot from the cdrom, mount a memory disk partition from which I can mount the USB drive (and hence get access to the keyfile), and then mount the encrypted partitions on the hard drive with that keyfile.

In brief, on the hard drive, I have set up a geli ad0

    geli init -b -s 4096 -l 256 -K /keyfile/ad0.key /dev/ad0

and created filesystem etc.

I know that it was originally not possible to set the -b flag on a partition and also a keyfile, but I read that this functionality was now available. I am using a snapshot of 6.1 stable from the beginning of Aug 2006 to try this out. Is this the case in stable or just current?

The USB drive contains /boot, /etc/fstab and /boot/mfsroot as the memory disk. The memory disk has /etc/rc and /rescue. I added the directive to rc to mount the USB drive on the memory disk so that the key would be available to mount the encrypted root partition.

I know this is vague, but I essentially want to know if I'm barking up the right tree. Is this possible? Is there any documentation for this that I'm missing?

I need to be able to keep the key file on the USB drive so that the cd boot disk can be left in the laptop and the USB drive removed after boot. I'm guessing that I won't get far with the -b flag and that I need to mount root from the memory disk, mount encrypted root from the disk and continue booting from the encrypted boot partition.

Any help would be much appreciated as I have already spent way too long on this!

Gary