Re: GELI - disk encryption GEOM class committed.

From: Pawel Jakub Dawidek <pjd_at_FreeBSD.org>
Date: Fri, 29 Jul 2005 15:42:44 +0200
On Fri, Jul 29, 2005 at 08:37:35AM -0500, Eric Anderson wrote:
+> Hmm - is that really true?  How can one decrypt the root partition data 
+> without the key, but with the kernel and modules?  It seems that if that 
+> is a problem, then encrypting any partition without the kernel/modules 
+> encrypted would be the same scenario.
+> 
+> I think there still is benefit in encrypting the root, but not /boot.

I prefer the method below:

- put decrypted /boot/ directory onto small file system on your USB Pen-Drive
  or CD-ROM,
- set booting from USB/CD-ROM in your BIOS,
- boot from Pen-Drive/CD-ROM,
- GELI will ask you for the passphrase before root file system is mounted,
- enter passphrase,
- root partition is decrypted and mounted,
- remove your Pen-Drive/CD-ROM.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd_at_FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

Received on Fri Jul 29 2005 - 11:42:46 UTC
