Differences

This shows you the differences between two versions of the page.


freebsd_encrypted_drive [2013/03/29 21:15] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== FreeBSD Encrypted Drive ======
  
 +  * [[FreeBSD]]
 +  * [[geli]]
 +
 +Creating and mounting an encrypted UFS2 filesystem is very easy to do, and it can be automatically unlocked during boot and have a filesystem check run (fstab).
 +
 +=== Load kernel module on boot ===
 +
 +<code>
 +echo geom_eli_load="YES" >> /boot/loader.conf
 +</code>
 +
 +=== Create an Encrypted Device ===
 +
 +Create a passphrase key.  Make a backup copy of it somewhere to be safe.
 +
 +<code>
 +dd if=/dev/random bs=64 count=1 of=/root/ada1.key
 +geli init -s 4096 -K ada1.key /dev/ada1
 +</code>
 +
 +Unlock the encrypted drive.  This will create the device ''/dev/ada1.eli'':
 +
 +<code>
 +geli attach -k ada1.key /dev/ada1
 +</code>
 +
 +Fill the new volume with random data:
 +
 +<code>
 +dd if=/dev/random bs=1M of=/dev/ada1.eli
 +</code>
 +
 +Format the new volume as UFS2:
 +
 +<code>
 +newfs -U /dev/ada1.eli
 +</code>
 +
 +After that you can mount it as normal.  Add an entry to ''fstab'':
 +
 +<code>
 +echo "/dev/ada1.eli /private ufs rw 1 1" >> /etc/fstab
 +</code>
 +
 +=== Unmount an Encrypted Device ===
 +
 +Unmount and detach encrypted volume:
 +
 +<code>
 +umount /private
 +geli detach ada1.eli
 +</code>
 +
 +=== Mount Encrypted Device on Boot ===
 +
 +Add to ''/etc/rc.conf'':
 +
 +<code>
 +geli_devices="ada1"
 +geli_ada1_flags="-k /root/ada1.key"
 +</code>
 +
 +On bootup, FreeBSD will ask for the passphrase.
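
Review bot: The key file path is inconsistent in the "Create an Encrypted Device" commands: dd writes /root/ada1.key, but geli init -K ada1.key and geli attach -k ada1.key use a relative path, so they only work when run from /root. Use /root/ada1.key throughout, as the rc.conf line geli_ada1_flags="-k /root/ada1.key" already does. In the loader.conf step the shell strips the double quotes, so the line actually appended is geom_eli_load=YES; wrapping the whole argument in single quotes preserves the quoted form. The fstab entry sets the pass number to 1, which fstab(5) reserves for the root filesystem; 2 is the usual value for a data filesystem such as /private. No step restricts permissions on the key file after dd creates it, and "Create a passphrase key" should say that geli init here uses both the key file and a passphrase, since the last line relies on the passphrase prompt at boot.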
