Date:      Wed, 28 Sep 2005 10:43:31 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        "Frank J. Beckmann" <frank@barda.agala.net>
Cc:        freebsd-geom@freebsd.org
Subject:   Re: Paasword from shsec when booting eli encryptet / ?
Message-ID:  <20050928084331.GA24355@garage.freebsd.pl>
In-Reply-To: <200509271357.32327.frank@barda.agala.net>
References:  <200509271357.32327.frank@barda.agala.net>

On Tue, Sep 27, 2005 at 01:57:30PM +0200, Frank J. Beckmann wrote:
+> I start to love the new geom classes, they give me many ideas but also raise
+> many questions. The man page of geli states that you can encrypt / when you
+> boot from a USB pen-drive. That must contain /boot. Does it find / or do I
+> have to set rootdev in loader.conf?

You need to set up USB boot in BIOS and that's actually all.
It will ask you for the passphrase before the root file system is mounted and
will find the root partition in /etc/fstab after decryption.

+> And is it possible to get the password (or any other needed secret) from a
+> gshsec device instead of a console prompt?

No.
Currently you can use only passphrase strengthened with PKCS#5v2 for the
root partition.
There are no file systems mounted yet, so you cannot get the secret from
a file. In theory it will be possible to get the secret from a raw device
(storing info about this in /boot/loader.conf).
BUT this is hackish and evil, so I'll wait for a better solution.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
