From owner-freebsd-questions@FreeBSD.ORG Wed Apr 8 19:50:01 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6E5C5106564A for ; Wed, 8 Apr 2009 19:50:01 +0000 (UTC) (envelope-from rsmith@xs4all.nl) Received: from smtp-vbr7.xs4all.nl (smtp-vbr7.xs4all.nl [194.109.24.27]) by mx1.freebsd.org (Postfix) with ESMTP id D84E78FC13 for ; Wed, 8 Apr 2009 19:50:00 +0000 (UTC) (envelope-from rsmith@xs4all.nl) Received: from slackbox.xs4all.nl (slackbox.xs4all.nl [213.84.242.160]) by smtp-vbr7.xs4all.nl (8.13.8/8.13.8) with ESMTP id n38JnxtH091384; Wed, 8 Apr 2009 21:49:59 +0200 (CEST) (envelope-from rsmith@xs4all.nl) Received: by slackbox.xs4all.nl (Postfix, from userid 1001) id 735BBBA99; Wed, 8 Apr 2009 21:49:59 +0200 (CEST) Date: Wed, 8 Apr 2009 21:49:59 +0200 From: Roland Smith To: new_guy Message-ID: <20090408194959.GA2322@slackbox.xs4all.nl> References: <22951183.post@talk.nabble.com> <20090408174027.GB97995@slackbox.xs4all.nl> <22956085.post@talk.nabble.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="u3/rZRmxL6MmkK24" Content-Disposition: inline In-Reply-To: <22956085.post@talk.nabble.com> X-GPG-Fingerprint: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 X-GPG-Key: http://www.xs4all.nl/~rsmith/pubkey.txt X-GPG-Notice: If this message is not signed, don't assume I sent it! User-Agent: Mutt/1.5.19 (2009-01-05) X-Virus-Scanned: by XS4ALL Virus Scanner Cc: freebsd-questions@freebsd.org Subject: Re: geli on exisitng laptop X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Apr 2009 19:50:01 -0000 --u3/rZRmxL6MmkK24 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 08, 2009 at 10:48:31AM -0700, new_guy wrote: >=20 >=20 > Roland Smith wrote: > >=20 > > My advice would be to put /home (where _your_ data resides) on a > > seperate partition and encrypt only that partition, with a password. >=20 > Thanks to everyone for the advice. I really do appreciate it. I like this > tip a lot. Since the default FreeBSD installer puts /home as a link to > /usr/home... could I just encrypt /usr and get the same result? I'm think= ing > this would be the best way. You could do that. But since enabling encryption effectively destroys the data on the old partition, you might as well split the old /usr into /usr and /home while you're at it. On my workstation /usr fills about 5GB. So reserving 5-8GB for /usr should be plenty. An encrypted /usr can be a PITA if you have to boot into single user mode for maintenance. You'd have to attach and mount the geli device by hand, instead of having the rc scripts automate it. A word of warning: make sure you have good recent backups before enabling encryption, in case it becomes FUBAR. Roland --=20 R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) --u3/rZRmxL6MmkK24 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (FreeBSD) iEYEARECAAYFAknc/+cACgkQEnfvsMMhpyWYAgCbBr4jZjrcax7G/5MBTFTh7Rf6 GAcAni9NdLNJd1ZUC2dt6EAgEDlnFFVz =/3BE -----END PGP SIGNATURE----- --u3/rZRmxL6MmkK24--