From: Dru Lavigne
Date: Mon, 28 Apr 2014 20:42:28 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r44688 - head/en_US.ISO8859-1/books/handbook/disks

Author: dru
Date: Mon Apr 28 20:42:28 2014
New Revision: 44688
URL: http://svnweb.freebsd.org/changeset/doc/44688

Log:
  White space fix only. Translators can ignore.

  Sponsored by: iXsystems

Modified:
  head/en_US.ISO8859-1/books/handbook/disks/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/disks/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/disks/chapter.xml Mon Apr 28 20:30:28 2014 (r44687) +++ head/en_US.ISO8859-1/books/handbook/disks/chapter.xml Mon Apr 28 20:42:28 2014 (r44688) @@ -2509,8 +2509,8 @@ Quotas for user test: &os; offers excellent online protections against - unauthorized data access. File permissions and - Mandatory Access Control (MAC) help + unauthorized data access. File permissions and Mandatory Access Control (MAC) help prevent unauthorized users from accessing data while the operating system is active and the computer is powered up. However, the permissions enforced by the operating system are 
@@ -2524,11 +2524,10 @@ Quotas for user test: geli cryptographic subsystems in &os; are able to protect the data on the computer's file systems against even highly-motivated attackers with significant resources. - Unlike encryption methods that encrypt - individual files, gbde and - geli transparently encrypt entire file - systems. No cleartext ever touches the hard drive's - platter. + Unlike encryption methods that encrypt individual files, + gbde and geli + transparently encrypt entire file systems. No cleartext ever + touches the hard drive's platter. Disk Encryption with @@ -2545,13 +2544,13 @@ Quotas for user test: protect the passphrase used by the encryption mechanism.</para> - <para>This facility provides several barriers to protect the data - stored in each disk sector. It encrypts the contents of a - disk sector using 128-bit <acronym>AES</acronym> in - <acronym>CBC</acronym> mode. Each sector on the - disk is encrypted with a different <acronym>AES</acronym> key. For more - information on the cryptographic design, including how the - sector keys are derived from the user-supplied passphrase, + <para>This facility provides several barriers to protect the + data stored in each disk sector. It encrypts the contents of + a disk sector using 128-bit <acronym>AES</acronym> in + <acronym>CBC</acronym> mode. Each sector on the disk is + encrypted with a different <acronym>AES</acronym> key. For + more information on the cryptographic design, including how + the sector keys are derived from the user-supplied passphrase, refer to &man.gbde.4;.</para> <para>&os; provides a kernel module for 
@@ -2565,13 +2564,13 @@ Quotas for user test: <para><literal>options GEOM_BDE</literal></para> - <para>The following example demonstrates adding a new hard - drive to a system that will hold a single encrypted partition - that will be mounted as - <filename>/private</filename>.</para> + <para>The following example demonstrates adding a new hard drive + to a system that will hold a single encrypted partition that + will be mounted as <filename>/private</filename>.</para> <procedure> - <title>Encrypting a Partition with <application>gbde</application> + Encrypting a Partition with + <application>gbde</application> Add the New Hard Drive @@ -2611,10 +2610,11 @@ Quotas for user test: A gbde partition must be initialized before it can be used. This initialization - needs to be performed only once. This command will open the default editor, in order to - set various configuration options in a template. For use - with the UFS file system, set the - sector_size to 2048: + needs to be performed only once. This command will open + the default editor, in order to set various configuration + options in a template. For use with the + UFS file system, set the sector_size to + 2048: &prompt.root; gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c.lock# $FreeBSD: src/sbin/gbde/template.txt,v 1.1.36.1 2009/08/03 08:13:06 kensmith Exp $ # 
@@ -2626,30 +2626,29 @@ Quotas for user test: sector_size = 2048 [...] - Once the edit is saved, the user will be asked twice to type the - passphrase used to secure the data. The passphrase must - be the same both times. The ability of + Once the edit is saved, the user will be asked twice + to type the passphrase used to secure the data. The + passphrase must be the same both times. The ability of gbde to protect data depends entirely on the quality of the passphrase. For tips on how to select a secure passphrase that is easy to remember, see http://world.std.com/~reinhold/diceware.htm. - This initialization creates a lock file for - the gbde partition. In this + This initialization creates a lock file for the + gbde partition. In this example, it is stored as - /etc/gbde/ad4s1c.lock. - Lock files must end in - .lock in order to be correctly detected by - the /etc/rc.d/gbde start up - script. + /etc/gbde/ad4s1c.lock. Lock files + must end in .lock in order to be correctly + detected by the /etc/rc.d/gbde start + up script. - Lock files - must be backed up together with - the contents of any encrypted partitions. Without the - lock file, the legitimate owner will be unable to - access the data on the encrypted partition. + Lock files must be backed up + together with the contents of any encrypted partitions. + Without the lock file, the legitimate owner will be + unable to access the data on the encrypted + partition. @@ -2659,10 +2658,10 @@ sector_size = 2048 &prompt.root; gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock - This command will prompt to input the passphrase - that was selected during the initialization of the - encrypted partition. The new encrypted device will - appear in /dev as + This command will prompt to input the passphrase that + was selected during the initialization of the encrypted + partition. The new encrypted device will appear in + /dev as /dev/device_name.bde: &prompt.root; ls /dev/ad* 
@@ -2676,10 +2675,10 @@ sector_size = 2048 Device Once the encrypted device has been attached to the - kernel, a file system can be created on the device. - This example creates a UFS file - system with soft updates enabled. Be sure to specify the - partition which has a + kernel, a file system can be created on the device. This + example creates a UFS file system with + soft updates enabled. Be sure to specify the partition + which has a *.bde extension: @@ -2700,8 +2699,8 @@ sector_size = 2048 Verify That the Encrypted File System is Available - The encrypted file system should now be visible - and available for use: + The encrypted file system should now be visible and + available for use: &prompt.user; df -H Filesystem Size Used Avail Capacity Mounted on 
@@ -2714,34 +2713,33 @@ Filesystem Size Used Avail Cap - After each boot, any encrypted file systems must be - manually re-attached to the kernel, checked for errors, and mounted, - before the file systems can be used. To configure these - steps, add the following lines to /etc/rc.conf: + After each boot, any encrypted file systems must be + manually re-attached to the kernel, checked for errors, and + mounted, before the file systems can be used. To configure + these steps, add the following lines to + /etc/rc.conf: - gbde_autoattach_all="YES" + gbde_autoattach_all="YES" gbde_devices="ad4s1c" gbde_lockdir="/etc/gbde" - This requires that the - passphrase be entered at the console - boot time. After typing the correct passphrase, the - encrypted partition will be - mounted automatically. Additional - gbde boot options are available - and listed in &man.rc.conf.5;. + This requires that the passphrase be entered at the + console boot time. After typing the correct passphrase, the + encrypted partition will be mounted automatically. Additional + gbde boot options are available and + listed in &man.rc.conf.5;. - - sysinstall is incompatible with - gbde-encrypted devices. All - *.bde - devices must be detached from the kernel before starting - sysinstall or it will crash during its initial - probing for devices. To detach the encrypted device used in - the example, use the following command: + + sysinstall is incompatible + with gbde-encrypted devices. All + *.bde devices must be detached from the + kernel before starting sysinstall + or it will crash during its initial probing for devices. To + detach the encrypted device used in the example, use the + following command: &prompt.root; gbde detach /dev/ad4s1c
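Review bot: in the @@ -2565,13 +2564,13 @@ hunk, the removed procedure title line opens with <title>, but the two added lines shown here start at "Encrypting a Partition with" and do not show that opening tag. For a commit logged as white space only, confirm in the committed chapter.xml that the title element is still opened and closed around the wrapped text, so the change stays markup-neutral.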
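Review bot: in the @@ -2626,30 +2626,29 @@ hunk, the reflowed warning says lock files must be backed up together with the contents of any encrypted partitions, but neither it nor the preceding paragraph says where that backup should live or how it should be protected, even though the example keeps the lock file in /etc/gbde. That is out of scope for a whitespace commit, but a follow-up could add a sentence on storing the backup copy, and could recheck that the passphrase guidance link, currently a plain http:// URL, is still the intended target.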
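Review bot: in the @@ -2714,34 +2713,33 @@ hunk, the first line of the /etc/rc.conf snippet, gbde_autoattach_all="YES", appears as both removed and added, so only its leading whitespace changed while gbde_devices and gbde_lockdir are untouched; if the snippet sits in a verbatim listing, whitespace there is rendered as written, so check that the three settings still line up in the built output. The reflowed sentence "This requires that the passphrase be entered at the console boot time" also still reads as if a word is missing before "boot time", which a follow-up content commit could fix.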