[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)
On Mon, 23 Mar 2009, Cem Kayali wrote:
FreeBSD allows encryption of root partition and may be good start.
I have tried that approach about a year ago and successfully performed
installation. Also discussed with author, Marc Schiesser, because tutorial
should be updated according to FreeBSD 7.x and 8.x versions. I have these
notes in my archive.
Basic idea is that:
1- Run fixit disc of FreeBSD which is a live-cd with various FreeBSD (own)
utilities. Dont forget to load geom_eli module.
2- Partition the hard drive, and then, create geli slices (partitions).
3- Run sysinstall and address the geli partitions as install target.
Everything is isntalled into geli partition.
4- Once finished the work, copy kernel, kernel modules to ie; a usb ram. In
other words, prepare boot-only usb disk
5- Once everything is complete, boot from usb. It asks passphrase of geli
slice and mounts geli root as root
6- Remove usb ram.
The main thing missing from NetBSD to enable the same thing would
be to have cgd autoconfigure similar to how raidframe can.
Actually thas a nice piece of cgd functionality aside from
anything else we've discussed :)
David/absolute -- www.NetBSD.org: No hype required --
Main Index |
Thread Index |