On Mon, Jan 17, 2011 at 09:30:39PM +0100, Alokat wrote:
> Hi,
>
> Is it possible to encrypt my full hard drive (excluding /boot) during a
> FreeBSD installation? Or do I have to do this after the installation
> manually?

Currently you have to do it manually afterwards.

Personally, I would not bother encrypting the OS data; there is nothing secret there, and it does have a performance impact. Plus it would provide ample material for a known-plaintext attack!

What you can do is set apart a partition during installation where you are going to store your data, be it /home, /var/www or whatever. After installation, encrypt that partition with geli(8), newfs it and put the name of the *.eli device in /etc/fstab. That should make the startup scripts ask for the passphrase.

Do not rely on a keyfile that resides on a disk in the machine (that would make encryption futile)! Use a passphrase instead.

Roland
--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
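
The steps from the message above as a script, added here as an example and not part of the original post. It assumes a UFS data partition; the function names, the DRY_RUN switch, the 4096-byte sector size and the sample names ada0p4 and /home are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original message. Device and mount point are
# arguments; ada0p4 and /home used in the comments are hypothetical.

# Print the /etc/fstab line for the encrypted provider of partition $1.
fstab_entry() {
    printf '/dev/%s.eli\t%s\tufs\trw\t2\t2\n' "$1" "$2"
}

# Succeed only if fstab file $1 mounts $2 from a geli (*.eli) device.
# Comment lines are skipped; any plaintext device on that mount point fails,
# which catches a leftover installer entry for the raw partition.
mounts_encrypted() {
    awk -v mp="$2" '
        $1 ~ /^#/ { next }
        $2 == mp  { found = 1; if ($1 !~ /\.eli$/) bad = 1 }
        END       { exit (found && !bad) ? 0 : 1 }
    ' "$1"
}

# Run the steps from the message. DRY_RUN=1 (the default) only prints them;
# DRY_RUN=0 executes them and destroys existing data on the partition.
encrypt_data_partition() {
    dev=$1 mp=$2 fstab=${3:-/etc/fstab}
    run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $*"; else "$@"; fi; }
    run geli init -s 4096 "/dev/$dev"   # prompts for a new passphrase, no keyfile
    run geli attach "/dev/$dev"         # prompts again, creates /dev/$dev.eli
    run newfs -U "/dev/$dev.eli"        # the file system goes on the .eli device
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "+ append to $fstab: $(fstab_entry "$dev" "$mp")"
    else
        fstab_entry "$dev" "$mp" >> "$fstab"
        mounts_encrypted "$fstab" "$mp"
    fi
}

# Example: sh geli-data.sh ada0p4 /home
if [ $# -ge 2 ]; then encrypt_data_partition "$@"; fi
```

Because geli init is called without a keyfile option, the passphrase is the only key component, as the message recommends.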