Date: Sat, 18 Dec 2010 21:32:11 +0100
From: "C. P. Ghost" <cpghost@cordula.ws>
To: freebsd-questions@freebsd.org
Subject: geli(8) and amd(8) working together?
Message-ID: <AANLkTikQSdaDeae0gFO1Pu%2BT8OG-uo3qF4rcmSoG=8kE@mail.gmail.com>

Hi,

I'm wondering how to get the most out of geli(8) encrypted volumes, in combination with something like amd(8) (but without the overhead of NFS, if at all possible) that mounts and umounts file systems only as needed.

Basically, I'd like to mount a geli volume on demand (e.g. via amd), but when amd umounts the volume for lack of activity after some time, the geli provider should also "forget" (overwrite in RAM) the key, i.e. detach itself from the underlying geom provider. When amd tries to mount the geli volume again, geli should then ask for the key again (e.g. on the console).

The idea is to protect geli encrypted partitions that are idle, so that even if the box is compromised and the power is maintained (somehow), encrypted partition(s) would still require a key after being idle for some time.

Any way or ideas how to implement this?

Thanks,
-cpghost.

--
Cordula's Web. http://www.cordula.ws/