Re: GELI - disk encryption GEOM class committed.

From: Eric Anderson <anderson_at_centtech.com>
Date: Fri, 29 Jul 2005 08:37:35 -0500
Pawel Jakub Dawidek wrote:
> On Fri, Jul 29, 2005 at 08:28:30AM -0500, Eric Anderson wrote:
> > Niki Denev wrote:
> > > Pawel Jakub Dawidek wrote:
> > > > Booting from Encrypted Root:
> > > >
> > > >   GELI - Works. How'd one load the kernel from an encrypted root
> > > >   though?
> > > >
> > > >   Kernel has to be loaded from a USB Pen-Drive or a CD-ROM.
> > > >   You need to put the /boot/ directory in there. GELI will ask for the
> > > >   passphrase before the root file system is mounted. After that you can
> > > >   remove the Pen-Drive/CD-ROM.
> > > >
> > > Wouldn't it work if /boot is a small separate unencrypted partition?
> > > ( Well, there is the possibility that someone replaces your kernel
> > > with one with a keylogger to catch your password next time you type it :))
> > > I use this method for bootable RAID1+0 with GEOM's stripe and mirror,
> > > and it seems to work great.
> > 
> > Maybe you could write up a quick howto on your setup, and post it/submit 
> > it to the doc_at_ team.
> 
> I'd prefer not to, as if you keep your kernel and modules decrypted, there
> is no point in encrypting the root file system.

Hmm - is that really true?  How can one decrypt the root partition data 
without the key, but with the kernel and modules?  It seems that if that 
is a problem, then encrypting any partition without the kernel/modules 
encrypted would be the same scenario.

I think there still is benefit in encrypting the root, but not /boot.

Eric



-- 
------------------------------------------------------------------------
Eric Anderson        Sr. Systems Administrator        Centaur Technology
Anything that works is better than anything that doesn't.
------------------------------------------------------------------------
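The kernel-swap risk Niki Denev raises above (an attacker replaces the kernel in the unencrypted /boot with one that logs the passphrase) can at least be detected after the fact by keeping a hash manifest of /boot somewhere the attacker cannot write, such as the encrypted root or the removable medium Pawel describes, and comparing against it once the root is attached. The script below is an added example and is not from the thread, from GELI, or from the FreeBSD project; it constructs a stand-in /boot tree in a temporary directory, records a manifest, simulates the swap, and reports it. It assumes only sha256(1) (FreeBSD) or sha256sum(1) (Linux) is available; the file names and contents are made up. Note what it does not do: the check runs after the passphrase has already been typed, so it shortens the attacker's window rather than closing it, which is the limitation Pawel is pointing at.

```shell
#!/bin/sh
# Added example: detect a swapped kernel or module in an unencrypted /boot by
# checking it against a manifest recorded while /boot was known good.
# Assumptions (not from the thread): the manifest lives on the encrypted root or
# the removable boot medium, and the check runs from a trusted shell after
# geli has attached the root. The sample /boot tree below is constructed.
set -u

# Portable SHA-256: FreeBSD ships sha256(1), Linux ships sha256sum(1).
hash_file() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# make_manifest BOOTDIR MANIFEST: write "<sha256> <path relative to BOOTDIR>"
# for every regular file under BOOTDIR (kernel, modules, loader.conf, ...).
make_manifest() {
    bootdir=$1; manifest=$2
    find "$bootdir" -type f | LC_ALL=C sort | while read -r f; do
        printf '%s %s\n' "$(hash_file "$f")" "${f#"$bootdir"/}"
    done > "$manifest"
}

# verify_manifest BOOTDIR MANIFEST: return 0 only if every listed file is
# present with the recorded hash and no unlisted file has appeared.
verify_manifest() {
    bootdir=$1; manifest=$2; status=0
    while read -r want rel; do
        f="$bootdir/$rel"
        if [ ! -f "$f" ]; then
            echo "MISSING:  $rel"; status=1
        elif [ "$(hash_file "$f")" != "$want" ]; then
            echo "MODIFIED: $rel"; status=1
        fi
    done < "$manifest"
    # An extra module dropped into /boot/kernel is just as suspicious as a
    # changed one, so also flag files the manifest never saw.
    find "$bootdir" -type f | while read -r f; do
        rel=${f#"$bootdir"/}
        awk -v r="$rel" '$2 == r { found = 1 } END { exit !found }' "$manifest" \
            || { echo "UNEXPECTED: $rel"; exit 1; }
    done || status=1
    return "$status"
}

# demo: build a constructed /boot, snapshot it, then simulate the attack
# Niki Denev mentions (kernel replaced by one carrying a keylogger).
demo() {
    tmp=$(mktemp -d); boot="$tmp/boot"; man="$tmp/boot.manifest"
    mkdir -p "$boot/kernel"
    printf 'stand-in kernel\n'          > "$boot/kernel/kernel"
    printf 'stand-in geom_eli module\n' > "$boot/kernel/geom_eli.ko"
    printf 'geom_eli_load="YES"\n'      > "$boot/loader.conf"
    make_manifest "$boot" "$man"
    if verify_manifest "$boot" "$man" >/dev/null; then clean=0; else clean=1; fi
    printf 'stand-in kernel with keylogger\n' > "$boot/kernel/kernel"
    if verify_manifest "$boot" "$man" >/dev/null; then tampered=0; else tampered=1; fi
    rm -rf "$tmp"
    echo "known-good /boot verifies (0=yes): $clean; swapped kernel flagged (1=yes): $tampered"
    [ "$clean" -eq 0 ] && [ "$tampered" -eq 1 ]
}

demo
```

In practice you would generate the manifest once from the trusted medium, store it on the GELI-backed root, and run verify_manifest against the real /boot partition from rc or a login script; a failure means the passphrase you just typed should be treated as compromised and the key rotated.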
Received on Fri Jul 29 2005 - 11:37:42 UTC