I would like to direct anybody's attention who is interested in transparent drive encryption to GEOM, which will be a native feature of FreeBSD 5.0.
GEOM is a project that is slated for inclusion in the release of FreeBSD 5.0, a major upgrade to FreeBSD that has been years in the making, due out by the end of the year. Based on my understanding of what GEOM does, which may be imperfect, GEOM provides a transparent middle layer between the actual physical drives and what the OS thinks those drives are. For example, the OS may believe it is using two UFS partitions on the same IDE drive when in fact the actual drives used are one hard drive formatted for Linux, one MS-DOS drive, and some Solaris partition mounted over NFS. The OS or the application will be completely isolated from the physical hardware of the drives and the actual file systems on the drives. The benefits are compelling: you can simply add another drive and tell your OS that one of the partitions that it is using has just magically become much larger. Or move all the data over to a RAID without your OS ever changing the device entry it is talking to. As I said, totally transparent. I believe that GEOM will become widely adopted, just as Soft Updates became widely adopted within months of its inclusion in FreeBSD, because it is simply so compelling. Of course this magic requires various behind-the-scenes "transformations". One of such transformations that the author is explicitly targeting is transparent encryption. And that's not just encryption of blocks on the file system or via some kludgy loop back interface. If this gets implement right, if you were to look at the physical drive, you shouldn't even be able to tell how many files there are, or for that matter how much data is stored on the drive. Currently, GEOM is being written by a single guy in Denmark. Which sounds perhaps more crazy than it might be, because Soft Updates, IIRC, was written by one person as well. The guy seems real, has a grant for the project, and is an active member of the FreeBSD team. If you feel comfortable with running FreeBSD-CURRENT, which was just released as a Developer Preview 1 build, are familiar with at least some file systems, and are interested in seeing transparent drive encryption deployed on hundreds of thousands of machines worldwide by the end of the year, I would encourage you to visit http://phk.freebsd.dk/geom/ and read the geom man page found on the FreeBSD web site. Note that the encryption transformation code is not yet available, though some of the file system transformation code is. --Lucky
