Hi, I'm wondering how to get the most out of geli(8) encrypted volumes, in combination with something like amd(8) (but without the overhead of NFS, if at all possible) that mounts and umounts file systems only as needed.
Basically, I'd like to mount a geli volume on demand (e.g. via amd), but when amd umounts the volume for lack of activity after some time, the geli provider should also "forget" (overwrite in RAM) the key, i.e. detach itself from the underlying geom provider. When amd tries to mount the geli volume again, geli should then ask for the key again (e.g. on the console).

The idea is to protect geli encrypted partitions that are idle, so that even if the box is compromised and the power is maintained (somehow), encrypted partition(s) would still require a key after being idle for some time. Any way or ideas how to implement this?

Thanks,
-cpghost.

--
Cordula's Web. http://www.cordula.ws/
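An added example, not part of the original post: a pair of sh helpers that an on-demand mounter could call, attaching with `geli attach -d` (detach on last close) and detaching explicitly after unmount so the keys are cleared from memory. The provider `/dev/ada0p4`, the mount point `/secure` and the `DRY_RUN` switch are assumptions, and the passphrase prompt needs a terminal.

```shell
#!/bin/sh
# Added example: mount/unmount helpers for a geli(8) volume.
# PROV and MNT are assumed placeholders, not values from the post.
PROV="${PROV:-/dev/ada0p4}"   # assumed underlying GEOM provider
MNT="${MNT:-/secure}"         # assumed mount point
DRY_RUN="${DRY_RUN:-0}"       # 1 = print commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Attach (geli prompts for the passphrase) and mount.
# -d marks the .eli provider detach-on-last-close; per geli(8) this only
# takes effect when the provider was opened for writing (read-write mount).
secure_mount() {
    if [ "$DRY_RUN" != 1 ] && [ -e "${PROV}.eli" ]; then
        echo "${PROV}.eli already attached" >&2
    else
        run geli attach -d "$PROV" || return 1
    fi
    # If the mount fails, do not leave a decrypted provider behind.
    run mount "${PROV}.eli" "$MNT" || { run geli detach "${PROV}.eli"; return 1; }
}

# Unmount, then make sure the decrypted provider is really gone.
# geli detach removes the devfs entry and clears the keys from memory.
secure_umount() {
    run umount "$MNT" || return 1
    # With -d the provider normally vanishes on its own; detach explicitly
    # if it is still present (for example after a read-only mount).
    if [ "$DRY_RUN" = 1 ] || [ -e "${PROV}.eli" ]; then
        run geli detach "${PROV}.eli" || return 1
    fi
    # Fail loudly if the decrypted device node still exists.
    [ "$DRY_RUN" = 1 ] || [ ! -e "${PROV}.eli" ]
}

# Stand-alone use: script.sh mount | script.sh umount
case "${1:-}" in
    mount)  secure_mount ;;
    umount) secure_umount ;;
esac
```

A non-zero exit from `secure_umount` means the `.eli` device is still present, which is the condition worth alerting on for an idle volume.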