Date: Sun, 18 Jul 2004 01:16:21 +0100
From: David Kreil <kreil@ebi.ac.uk>
To: Jan Grant <Jan.Grant@bristol.ac.uk>
Cc: freebsd-questions@freebsd.org
Subject: Re: "sanitizing" disks: wiping swap, non-allocated space, and file-tails
Message-ID: <200407180016.i6I0GLU22059@puffin.ebi.ac.uk>
In-Reply-To: Your message of "Sat, 17 Jul 2004 15:23:24 BST." <Pine.GSO.4.61.0407171520120.12724@mail.ilrt.bris.ac.uk>

Dear Jan,

Thank you very much for your comments!

> > I wonder, in particular, how "system" directories like /var would be
> > kept on a gbde partition.
>
> Much like any other, but the major issue is that, unlike /tmp/ and swap
> (which can be wiped clean when a machine boots with no ill effects),
> other partitions need to persist. That means you need to do one of two
> things:
> 1. Be available when the machine boots to enter the keys to mount the
> persistent partitions; or

That's fine, that's what I consider a secure solution.

> 2. Store those keys somewhere so the machine can do it for you.
> If you choose (2) then you might as well not use an encrypted partition;

Yes :-)

So at what stage of boot-up and how do I make the volumes available,
prompting for the necessary passphrase? Does not the boot process write
into /var/log/* from the very beginning?

With many thanks again for your help and best regards,

David.

------------------------------------------------------------------------
Dr David Philip Kreil               ("`-''-/").___..--''"`-._
Research Fellow                     `6_ 6 ) `-. ( ).`-.__.`)
University of Cambridge             (_Y_.)' ._ ) `._ `. ``-..-'
++44 1223 764107, fax 333992        _..`--'_..-_/ /--'_.' ,'
www.inference.phy.cam.ac.uk/dpk20   (il),-'' (li),' ((!.-'