From: "Gary Newcombe"
Delivered-To: freebsd-geom@freebsd.org
Date: Fri, 1 Sep 2006 01:05:44 +1000
Subject: efs, geli, cd boot disk and a usb key.
List-Id: GEOM-specific discussions and implementations

Hello,

I have an older Toshiba Satellite (which doesn't boot from a USB key) on which I am trying to set up an encrypted filesystem using geli. Following the guides by Marc Schiesser and Adam Wood, I can get to a certain point, but not as far as I'd like.
I need to boot from the cdrom, mount a memory disk partition from which I can mount the USB drive (and hence get access to the keyfile), and then mount the encrypted partitions on the hard drive with that keyfile.

In brief, on the hard drive, I have set up a geli ad0:

    geli init -b -s 4096 -l 256 -K /keyfile/ad0.key /dev/ad0

and created the filesystem etc.

I know that it was originally not possible to set the -b flag on a partition and also a keyfile, but I read that this functionality was now available. I am using a snapshot of 6.1 stable from the beginning of Aug 2006 to try this out. Is this the case in stable or just current?

The USB drive contains /boot, /etc/fstab and /boot/mfsroot as the memory disk. The memory disk has /etc/rc and /rescue. I added the directive to rc to mount the USB drive on the memory disk so that the key would be available to mount the encrypted root partition.

I know this is vague, but I essentially want to know if I'm barking up the right tree. Is this possible? Is there any documentation for this that I'm missing?

I need to be able to keep the key file on the USB drive so that the cd boot disk can be left in the laptop and the USB drive removed after boot. I'm guessing that I won't get far with the -b flag and that I need to mount root from the memory disk, mount encrypted root from the disk and continue booting from the encrypted boot partition.

Any help would be much appreciated as I already spent way too long on this!

Gary