Date:      Wed, 11 Jun 2008 23:51:15 +0200
From:      "Julian Stacey" <jhs@berklix.org>
To:        Howard Goldstein <hg@queue.to>, Lorenzo Perone <lopez.on.the.lists@yellowspace.net>
Cc:        fs@freebsd.org
Subject:   Re: CFS Cryptographic file system. 
Message-ID:  <200806112151.m5BLpFKK055158@fire.js.berklix.net>
In-Reply-To: Your message "Wed, 11 Jun 2008 14:00:55 EDT." <485012D7.6060107@queue.to> 

To:             Howard Goldstein <hg@queue.to>,
                Lorenzo Perone <lopez.on.the.lists@yellowspace.net>
cc:             fs@freebsd.org
bcc:            freebsd-ports@freebsd.org	
		(bcc to avoid list dups, any follow up to fs@ I suggest)

Howard Goldstein wrote:
> Date: Wed, 11 Jun 2008 14:00:55 -0400 (20:00 CEST)
> Cc: freebsd-ports@freebsd.org

> Julian Stacey wrote:
> > Is there some replacement of /usr/ports/security/cfs 
> > (encrypted file system) for 7.0 ?
> 
> It's not fully responsive to your question, and it's a little clunky, 
> but the technique at this blog entry 
> https://www.endries.org/josh/blog/posts/5 seems to show a way to run 
> geli on a file-based backingstore using the md driver as a geom 
> provider.  I haven't tried it.

Thanks Howard, 
As I was in a rush & no quick reply to ports@, I posted a similar question
to fs@freebsd 12 hours or so later & later replied:

> > From: Lorenzo Perone <lopez.on.the.lists@yellowspace.net>
> > Date: Tue, 10 Jun 2008 13:11:50 +0200
> > To: Julian Stacey <jhs@berklix.org>
> > Cc: fs@freebsd.org

> > > Is a crypting file system being worked on for src/ somewhere ?
> > 
> > Did you have a look at gbde / geli?
> > 
> > http://www.freebsd.org/doc/en/books/handbook/disks-encrypting.html
> 
> No, (I did have a look at doc index before I posted, but I missed this).
> Looks like what I need.
> Thanks Lorenzo

So I did this, which worked:
        dd if=/dev/zero of=CRYPT_FS_IMAGE bs=10k count=50k
        mdconfig -a -t vnode -f CRYPT_FS_IMAGE
        mkdir /etc/gbde
        gbde init /dev/md0 -i -L /etc/gbde/md0.lock
                2048
                random_flush            uncommented
                # long wait
        gbde attach /dev/md0  -l /etc/gbde/md0.lock
        newfs -U -O2 /dev/md0.bde
        mount /dev/md0.bde /mnt
        ....
        umount /mnt
        gbde detach md0
        mdconfig -d -u 0

I haven't tried geli yet, though it has interesting extras for later.
Thanks Lorenzo & Howard.

Julian
-- 
Julian Stacey: BSDUnixLinux C Prog Admin SysEng Consult Munich www.berklix.com
	Mail just Ascii plain text.  HTML & Base64 text are spam.
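
An added example, not part of the original e-mail: a small sh wrapper for the attach/mount and umount/detach halves of the sequence above. It uses the unit name that mdconfig prints instead of assuming md0, and unwinds the memory disk if a later step fails. The function names, VOL_UNIT and the DRY_RUN switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original e-mail. Function names, VOL_UNIT and
# DRY_RUN are assumptions. Needs root on FreeBSD; the image must already have
# been set up once with "gbde init" and "newfs" as in the message above.
# Usage: script open IMAGE LOCKFILE MOUNTPOINT | script close UNIT MOUNTPOINT

run() {  # run a command, or only print it when DRY_RUN=1
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

vol_close() {  # usage: vol_close UNIT [MOUNTPOINT]
    if [ -n "${2:-}" ]; then
        run umount "$2" || return 1       # still busy: leave everything attached
    fi
    rc=0
    run gbde detach "$1" || rc=1          # remove the decrypted .bde provider
    run mdconfig -d -u "${1#md}" || rc=1  # release the memory disk
    return "$rc"
}

vol_open() {  # usage: vol_open IMAGE LOCKFILE MOUNTPOINT; sets VOL_UNIT
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "mdconfig -a -t vnode -f $1"
        VOL_UNIT=md0                      # constructed value for the dry run
    else
        # mdconfig prints the unit it allocated; it is not always md0
        VOL_UNIT=$(mdconfig -a -t vnode -f "$1") || return 1
    fi
    # The lock file is needed to attach, so keep it private to root
    run chmod 600 "$2" && run gbde attach "/dev/$VOL_UNIT" -l "$2" || {
        run mdconfig -d -u "${VOL_UNIT#md}"
        return 1
    }
    run mount "/dev/$VOL_UNIT.bde" "$3" || { vol_close "$VOL_UNIT"; return 1; }
}

case "${1:-}" in
    open)  vol_open "$2" "$3" "$4" && echo "attached as $VOL_UNIT" ;;
    close) vol_close "$2" "${3:-}" ;;
esac
```
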