no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
| — | freebsd_encrypted_drive [2013/03/29 21:15] (current) – created - external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== FreeBSD Encrypted Drive ====== | ||
| + | * [[FreeBSD]] | ||
| + | * [[geli]] | ||
| + | |||
| + | Creating and mounting an encrypted UFS2 filesystem is very easy to do, and it can be automatically unlocked during boot and have a filesystem check run (fstab). | ||
| + | |||
| + | === Load kernel module on boot === | ||
| + | |||
| + | < | ||
| + | echo geom_eli_load=" | ||
| + | </ | ||
| + | |||
| + | === Create an Encrypted Device === | ||
| + | |||
| + | Create a passphrase key. Make a backup copy of it somewhere to be safe. | ||
| + | |||
| + | < | ||
| + | dd if=/ | ||
| + | geli init -s 4096 -K ada1.key /dev/ada1 | ||
| + | </ | ||
| + | |||
| + | Unlock the encrypted drive. | ||
| + | |||
| + | < | ||
| + | geli attach -k ada1.key /dev/ada1 | ||
| + | </ | ||
| + | |||
| + | Fill the new volume with random data: | ||
| + | |||
| + | < | ||
| + | dd if=/ | ||
| + | </ | ||
| + | |||
| + | Format the new volume as UFS2: | ||
| + | |||
| + | < | ||
| + | newfs -U / | ||
| + | </ | ||
| + | |||
| + | After that you can mount it as normal. | ||
| + | |||
| + | < | ||
| + | echo "/ | ||
| + | </ | ||
| + | |||
| + | === Unmount an Encrypted Device === | ||
| + | |||
| + | Unmount and detach encrypted volume: | ||
| + | |||
| + | < | ||
| + | umount /private | ||
| + | geli detach ada1.eli | ||
| + | </ | ||
| + | |||
| + | === Mount Encrypted Device on Boot === | ||
| + | |||
| + | Add to ''/ | ||
| + | |||
| + | < | ||
| + | geli_devices=" | ||
| + | geli_ada1_flags=" | ||
| + | </ | ||
| + | |||
| + | On bootup, FreeBSD will ask for the passphrase. | ||
