Date: Fri, 15 Jun 2012 22:24:58 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Robert Simmons <rsimmons0@gmail.com> Cc: freebsd-geom@freebsd.org Subject: Re: Pre-boot authentication / geli-aware bootcode Message-ID: <20120615202458.GH1399@garage.freebsd.pl> In-Reply-To: <CA%2BQLa9Ags=DYy4TQ24zz=VOGFOT63FWr_Dh%2B44qA-35O9QBA_Q@mail.gmail.com> References: <CA%2BQLa9ChmAL=qr00oV=hW=j0GDrS3rQWyNaVH=f3cszS%2Bm1GAg@mail.gmail.com> <CAHsZcQEsQU1M8Q%2B2uP%2Bk%2B4Q%2BykE67YsD3e9bM6cRBfha2c6QiA@mail.gmail.com> <CA%2BQLa9Ags=DYy4TQ24zz=VOGFOT63FWr_Dh%2B44qA-35O9QBA_Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Cgrdyab2wu3Akvjd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jun 15, 2012 at 04:22:18PM -0400, Robert Simmons wrote: > On Fri, Jun 15, 2012 at 5:31 AM, Alaksiej Carniajeu <ac@belngo.info> wrot= e: > > Hi, > > > > It's not possible. But, you could have your /boot on a bootable > > usbstick, together with some keyfiles, and start from it. From > > security point of view, it is even better, than the whole drive > > encryption TrueCrypt offers, because the former relies on password > > only. >=20 > This is what I thought. Now, if I wanted to add this functionality, I > would need to modify: > /head/sys/boot/i386/pmbr/pmbr.s > and > /head/sys/boot/i386/gptboot/gptboot.c I'd leave pmbr.s alone, it is definiately too early to play with decryption. You need to modify gptboot and loader for UFS or gptzfsboot and zfsloader for ZFS. --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl --Cgrdyab2wu3Akvjd Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAk/bmhoACgkQForvXbEpPzQItQCdFBl4Y/iNxyEe5DwSI6SqkfqH 40MAoMvHlxHlKosMDCYSfHbzdbNkF01k =H+Ne -----END PGP SIGNATURE----- --Cgrdyab2wu3Akvjd--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120615202458.GH1399>