Would it be possible to make FreeBSD's bootcode aware of geli encrypted volumes? I would like to enter the password and begin decryption so that the kernel and /boot are inside the encrypted volume. Ideally the only unencrypted area of the disk would be the gpt protected mbr and the bootcode. I know that Truecrypt is able to do something like this with its truecrypt boot loader, is something like this possible with FreeBSD without using Truecrypt?
AFAIK you'd need something similary to initrd (http://en.wikipedia.org/wiki/Initrd), which, to the best of my knowledge, does not currently exist in freebsd. so long, azet On Mon, Jun 11, 2012 at 2:21 AM, Robert Simmons <rsimmons0@gmail.com> wrote:> Would it be possible to make FreeBSD's bootcode aware of geli encrypted volumes? > > I would like to enter the password and begin decryption so that the > kernel and /boot are inside the encrypted volume. ?Ideally the only > unencrypted area of the disk would be the gpt protected mbr and the > bootcode. > > I know that Truecrypt is able to do something like this with its > truecrypt boot loader, is something like this possible with FreeBSD > without using Truecrypt? > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
On Jun 11, 2012 1:22 AM, "Robert Simmons" <rsimmons0@gmail.com> wrote:> > Would it be possible to make FreeBSD's bootcode aware of geli encryptedvolumes?> > I would like to enter the password and begin decryption so that the > kernel and /boot are inside the encrypted volume. Ideally the only > unencrypted area of the disk would be the gpt protected mbr and the > bootcode. > > I know that Truecrypt is able to do something like this with its > truecrypt boot loader, is something like this possible with FreeBSD > without using Truecrypt?I just booted off a USB flash key. Then your entire drive can be encrypted. -- Simon L. B. Nielsen Mobile