From owner-freebsd-questions@FreeBSD.ORG Wed Oct 10 18:18:53 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B7C9F16A418 for ; Wed, 10 Oct 2007 18:18:53 +0000 (UTC) (envelope-from freebsd-listen@fabiankeil.de) Received: from smtprelay12.ispgateway.de (smtprelay12.ispgateway.de [80.67.29.29]) by mx1.freebsd.org (Postfix) with ESMTP id F0AF313C468 for ; Wed, 10 Oct 2007 18:18:52 +0000 (UTC) (envelope-from freebsd-listen@fabiankeil.de) Received: (qmail 8300 invoked from network); 10 Oct 2007 18:18:50 -0000 Received: from unknown (HELO localhost) (775067@[217.50.164.129]) (envelope-sender ) by smtprelay12.ispgateway.de (qmail-ldap-1.03) with SMTP for ; 10 Oct 2007 18:18:50 -0000 Date: Wed, 10 Oct 2007 20:18:38 +0200 From: Fabian Keil To: freebsd-questions@freebsd.org Message-ID: <20071010201838.23fa7c2f@fabiankeil.de> In-Reply-To: <20071010175349.GB9770@slackbox.xs4all.nl> References: <470CCDE2.9090603@ibctech.ca> <20071010175349.GB9770@slackbox.xs4all.nl> X-Mailer: Claws Mail 3.0.2 (GTK+ 2.10.14; i386-portbld-freebsd7.0) X-PGP-KEY-URL: http://www.fabiankeil.de/gpg-keys/freebsd-listen-2008-08-18.asc Mime-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/rAVx8p_nkgxpM4BdO3bgAP0"; protocol="application/pgp-signature"; micalg=PGP-SHA1 Subject: Re: Booting a GELI encrypted hard disk X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Oct 2007 18:18:53 -0000 --Sig_/rAVx8p_nkgxpM4BdO3bgAP0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Roland Smith wrote: > On Wed, Oct 10, 2007 at 09:04:34AM -0400, Steve Bertrand wrote: > > I am voraciously attempting to get a FreeBSD system to boot from a GELI > > encrypted hard disk, but am having problems. >=20 > You don't need to encrypt the whole harddisk. You can encrypt separate > slices. There is no need to encrypt stuff like / or /usr; what is there > that needs to be kept secret? Encryption isn't only useful for private data, it also reduces the risk of third parties replacing your binaries with Trojans while your away. Fabian --Sig_/rAVx8p_nkgxpM4BdO3bgAP0 Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFHDRd/BYqIVf93VJ0RAorQAKCKy+/fDdLZs7OfpI6efzr2hUuvEACfTW/w WXB5hziCiBO/D/CoBX8TcCQ= =WofB -----END PGP SIGNATURE----- --Sig_/rAVx8p_nkgxpM4BdO3bgAP0--