Date: Thu, 7 Sep 2006 10:19:46 +0300 From: Nikos Vassiliadis <nvass@teledomenet.gr> To: freebsd-questions@freebsd.org Cc: freebsd-security@freebsd.org, Frank Steinborn <steinex@nognu.de> Subject: Re: Getting GELI Keys from Floppy Message-ID: <200609071019.46529.nvass@teledomenet.gr> In-Reply-To: <20060906210021.C2428B82C@shodan.nognu.de> References: <20060906210021.C2428B82C@shodan.nognu.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 07 September 2006 00:00, Frank Steinborn wrote: > Hello, > > i want to encrypt my HDD's with GELI (not the root-fs, though). I want > to do the encryption without password, just with a key. The key should > be stored in a floppy disk, and the read should be read automatically > on boot, from the floppy. Are you sure you want to trust a floppy disk for your keys?? It's not the most safe medium these days... > > There is a problem here, because GELI initializes _before_ mounting > the disks from /etc/fstab (for obvious reasons, of course). So GELI is > not able to get the keys from the floppy and fails. > > So, any hints how I could get the floppy mounted _before_ GELI tries > to initialize? Why don't you use the plain device(/dev/fd0) instead of using a file on a filesystem on the floppy? I think there are examples in the manual page. Anyway, I find this a very very bad idea. If the floppy break in some way you're gonna be in big trouble...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200609071019.46529.nvass>