Trace:

Differences

This shows you the differences between two versions of the page.

--- freebsd_encrypted_drive [2013/03/29 15:15]
+++ freebsd_encrypted_drive [2013/03/29 15:15] (current)
@@ Line 1: / Line 1: @@
+====== FreeBSD Encrypted Drive ======
+  * [[FreeBSD]]
+  * [[geli]]
+Creating and mounting an encrypted UFS2 filesystem is very easy to do, and it can be automatically unlocked during boot and have a filesystem check run (fstab).
+=== Load kernel module on boot ===
+<code>
+echo geom_eli_load="YES" >> /boot/loader.conf
+</code>
+=== Create an Encrypted Device ===
+Create a passphrase key.  Make a backup copy of it somewhere to be safe.
+<code>
+dd if=/dev/random bs=64 count=1 of=/root/ada1.key
+geli init -s 4096 -K ada1.key /dev/ada1
+</code>
+Unlock the encrypted drive.  This will create the device ''/dev/ada1.eli'':
+<code>
+geli attach -k ada1.key /dev/ada1
+</code>
+Fill the new volume with random data:
+<code>
+dd if=/dev/random bs=1M of=/dev/ada1.eli
+</code>
+Format the new volume as UFS2:
+<code>
+newfs -U /dev/ada1.eli
+</code>
+After that you can mount it as normal.  Add an entry to ''fstab'':
+<code>
+echo "/dev/ada1.eli /private ufs rw 1 1" >> /etc/fstab
+</code>
+=== Unmount an Encrypted Device ===
+Unmount and detach encrypted volume:
+<code>
+umount /private
+geli detach ada1.eli
+</code>
+=== Mount Encrypted Device on Boot ===
+Add to ''/etc/rc.conf'':
+<code>
+geli_devices="ada1"
+geli_ada1_flags="-k /root/ada1.key"
+</code>
+On bootup, FreeBSD will ask for the passphrase.