Date: Mon, 11 Mar 2019 08:52:56 +0000 From: Alexandre Leonenko <alex@esecuredata.com> To: Polytropon <freebsd@edvax.de> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: Automatic unencryption using /etc/fstab Message-ID: <BL0PR16MB2659C5CF1A8CF4E7E5C5E2F9C7480@BL0PR16MB2659.namprd16.prod.outlook.com> In-Reply-To: <20190311094020.12d9aad9.freebsd@edvax.de> References: <BL0PR16MB265912877178BADC1490E109C7480@BL0PR16MB2659.namprd16.prod.outlook.com>, <20190311094020.12d9aad9.freebsd@edvax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks! ________________________________ From: Polytropon <freebsd@edvax.de> Sent: Monday, March 11, 2019 1:40:20 AM To: Alexandre Leonenko Cc: freebsd-questions@freebsd.org Subject: Re: Automatic unencryption using /etc/fstab On Mon, 11 Mar 2019 08:20:46 +0000, Alexandre Leonenko wrote: > Is it possible to use /etc/fstab to point to encryption key file > to unencrypt a second drive on boot up? > > The idea that / root is already encrypted and the file will be > as well. I want to avoid entering passwords multiple time for > few different drives. > > I know Linux can already do that with the LUKS encryption and > was wondering if same thing is possible on FreeBSD. I think FreeBSD supports this approach natively for decades now. Check "18.12.2. Disk Encryption with geli" in The FreeBSD Handbook: https://people.freebsd.org/~rodrigc/doc/handbook/disks-encrypting.html It is possible to use a key file without a passphrase and use it in an automatic decrypt + mount scenario, but be aware of the security implications. ;-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BL0PR16MB2659C5CF1A8CF4E7E5C5E2F9C7480>