tech-security archive


Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)

On Mon, 23 Mar 2009, Cem Kayali wrote:


FreeBSD allows encryption of the root partition and may be a good start.

I have tried that approach about a year ago and successfully performed installation. Also discussed with author, Marc Schiesser, because tutorial should be updated according to FreeBSD 7.x and 8.x versions. I have these notes in my archive.

Basic idea is that:

1- Run fixit disc of FreeBSD which is a live-cd with various FreeBSD (own) utilities. Don't forget to load geom_eli module.

2- Partition the hard drive, and then, create geli slices (partitions).

3- Run sysinstall and address the geli partitions as install target. Everything is installed into geli partition.

4- Once finished the work, copy kernel, kernel modules to ie; a usb ram. In other words, prepare boot-only usb disk

5- Once everything is complete, boot from usb. It asks passphrase of geli slice and mounts geli root as root

6- Remove usb ram.

        The main thing missing from NetBSD to enable the same thing would
        be to have cgd autoconfigure similar to how raidframe can.

        Actually that's a nice piece of cgd functionality aside from
        anything else we've discussed :)

                David/absolute       -- No hype required --
