Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 15 Jun 2012 22:24:58 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Robert Simmons <rsimmons0@gmail.com>
Cc:        freebsd-geom@freebsd.org
Subject:   Re: Pre-boot authentication / geli-aware bootcode
Message-ID:  <20120615202458.GH1399@garage.freebsd.pl>
In-Reply-To: <CA%2BQLa9Ags=DYy4TQ24zz=VOGFOT63FWr_Dh%2B44qA-35O9QBA_Q@mail.gmail.com>
References:  <CA%2BQLa9ChmAL=qr00oV=hW=j0GDrS3rQWyNaVH=f3cszS%2Bm1GAg@mail.gmail.com> <CAHsZcQEsQU1M8Q%2B2uP%2Bk%2B4Q%2BykE67YsD3e9bM6cRBfha2c6QiA@mail.gmail.com> <CA%2BQLa9Ags=DYy4TQ24zz=VOGFOT63FWr_Dh%2B44qA-35O9QBA_Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--Cgrdyab2wu3Akvjd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jun 15, 2012 at 04:22:18PM -0400, Robert Simmons wrote:
> On Fri, Jun 15, 2012 at 5:31 AM, Alaksiej Carniajeu <ac@belngo.info> wrot=
e:
> > Hi,
> >
> > It's not possible. But, you could have your /boot on a bootable
> > usbstick, together with some keyfiles, and start from it. From
> > security point of view, it is even better, than the whole drive
> > encryption TrueCrypt offers, because the former relies on password
> > only.
>=20
> This is what I thought.  Now, if I wanted to add this functionality, I
> would need to modify:
> /head/sys/boot/i386/pmbr/pmbr.s
> and
> /head/sys/boot/i386/gptboot/gptboot.c

I'd leave pmbr.s alone, it is definiately too early to play with
decryption. You need to modify gptboot and loader for UFS or gptzfsboot
and zfsloader for ZFS.

--=20
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl

--Cgrdyab2wu3Akvjd
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAk/bmhoACgkQForvXbEpPzQItQCdFBl4Y/iNxyEe5DwSI6SqkfqH
40MAoMvHlxHlKosMDCYSfHbzdbNkF01k
=H+Ne
-----END PGP SIGNATURE-----

--Cgrdyab2wu3Akvjd--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120615202458.GH1399>