The problem need to solve:
Need have end system, when keyfile when boot will be created automatically,
and erased securelly just after root crypto` partition mounts (by dd with
of=keyfile, for example)
That need to do because freebsd have remote hosting.
Needs:
To make key not (at least EASELY!) catched by unautorised personnel, and
noone cat pass password there after reboot or power fail/restore cases.
Maby you can give me tip, what pard of src (and maby how, maby /boot/loader
src) need to change?
how do you want to enter that key?
i would make system bootable and ssh-able but with secure data unmounted
and very small malloc based md device created. then you upload keyfile to
it, run geli to attach encrypted device, overwrite md device and destroy
md device.
if i understand correctly.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
