Date: Fri, 15 Jun 2012 18:40:30 +0100 From: "Simon L. B. Nielsen" <simon@FreeBSD.org> To: Robert Simmons <rsimmons0@gmail.com> Cc: freebsd-security@freebsd.org Subject: Re: Pre-boot authentication / geli-aware bootcode Message-ID: <CAC8HS2HW15VqfC09=c=nLJDewaOCNyRispide3jBnXnrZoYd6g@mail.gmail.com> In-Reply-To: <CA%2BQLa9Aec82k24YL46dU3zgbozTa8Qmis%2Bn14JpdZAemnaFZfw@mail.gmail.com> References: <CA%2BQLa9Aec82k24YL46dU3zgbozTa8Qmis%2Bn14JpdZAemnaFZfw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jun 11, 2012 1:22 AM, "Robert Simmons" <rsimmons0@gmail.com> wrote: > > Would it be possible to make FreeBSD's bootcode aware of geli encrypted volumes? > > I would like to enter the password and begin decryption so that the > kernel and /boot are inside the encrypted volume. Ideally the only > unencrypted area of the disk would be the gpt protected mbr and the > bootcode. > > I know that Truecrypt is able to do something like this with its > truecrypt boot loader, is something like this possible with FreeBSD > without using Truecrypt? I just booted off a USB flash key. Then your entire drive can be encrypted. -- Simon L. B. Nielsen Mobile
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAC8HS2HW15VqfC09=c=nLJDewaOCNyRispide3jBnXnrZoYd6g>