Differences
This shows you the differences between two versions of the page.
freebsd_encrypted_drive [2013/03/29 15:15] |
freebsd_encrypted_drive [2013/03/29 15:15] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== FreeBSD Encrypted Drive ====== | ||
+ | * [[FreeBSD]] | ||
+ | * [[geli]] | ||
+ | |||
+ | Creating and mounting an encrypted UFS2 filesystem is very easy to do, and it can be automatically unlocked during boot and have a filesystem check run (fstab). | ||
+ | |||
+ | === Load kernel module on boot === | ||
+ | |||
+ | <code> | ||
+ | echo geom_eli_load="YES" >> /boot/loader.conf | ||
+ | </code> | ||
+ | |||
+ | === Create an Encrypted Device === | ||
+ | |||
+ | Create a passphrase key. Make a backup copy of it somewhere to be safe. | ||
+ | |||
+ | <code> | ||
+ | dd if=/dev/random bs=64 count=1 of=/root/ada1.key | ||
+ | geli init -s 4096 -K ada1.key /dev/ada1 | ||
+ | </code> | ||
+ | |||
+ | Unlock the encrypted drive. This will create the device ''/dev/ada1.eli'': | ||
+ | |||
+ | <code> | ||
+ | geli attach -k ada1.key /dev/ada1 | ||
+ | </code> | ||
+ | |||
+ | Fill the new volume with random data: | ||
+ | |||
+ | <code> | ||
+ | dd if=/dev/random bs=1M of=/dev/ada1.eli | ||
+ | </code> | ||
+ | |||
+ | Format the new volume as UFS2: | ||
+ | |||
+ | <code> | ||
+ | newfs -U /dev/ada1.eli | ||
+ | </code> | ||
+ | |||
+ | After that you can mount it as normal. Add an entry to ''fstab'': | ||
+ | |||
+ | <code> | ||
+ | echo "/dev/ada1.eli /private ufs rw 1 1" >> /etc/fstab | ||
+ | </code> | ||
+ | |||
+ | === Unmount an Encrypted Device === | ||
+ | |||
+ | Unmount and detach encrypted volume: | ||
+ | |||
+ | <code> | ||
+ | umount /private | ||
+ | geli detach ada1.eli | ||
+ | </code> | ||
+ | |||
+ | === Mount Encrypted Device on Boot === | ||
+ | |||
+ | Add to ''/etc/rc.conf'': | ||
+ | |||
+ | <code> | ||
+ | geli_devices="ada1" | ||
+ | geli_ada1_flags="-k /root/ada1.key" | ||
+ | </code> | ||
+ | |||
+ | On bootup, FreeBSD will ask for the passphrase. |
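Review bot: the key file path is inconsistent between steps. The dd line writes the key to /root/ada1.key, but "geli init -s 4096 -K ada1.key /dev/ada1" and "geli attach -k ada1.key /dev/ada1" use a relative path, so they only work when run from /root. Use /root/ada1.key in both, matching the geli_ada1_flags line in the rc.conf step. Nothing in the steps restricts the key file's permissions, so a "chmod 600 /root/ada1.key" after the dd would be worth adding. The page should also say that the key sits on the boot system next to the drive it unlocks, so the passphrase is what protects the data if the whole machine is taken. The intro says the volume "can be automatically unlocked during boot" while the last line says FreeBSD will ask for the passphrase; reword the intro so it does not suggest an unattended unlock. In the fstab entry, the final field "1" is the fsck pass number normally reserved for the root filesystem; a non-root filesystem such as /private would usually use 2.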