On Wed, Feb 20, 2013 at 07:58:10AM +0100, Paul Schenkeveld wrote:
> Hi,
>
> I've been trying to find a solution for this chicken and egg problem,
> how to have an encrypted root filesystem on a remote server.
>
> Geli can ask for a root password at the console to unlock the root fs
> but that of course won't work for a remote server.
>
> Ideally I'd like the server to start, do minimal network config, run
> a minimal ssh client (dropbear?) and wait for someone to log in,
> provide the passphrase to unlock the root filesystem and then mount
> the root filesystem and do a normal startup.
>
> I read about a pivotroot call in other OS-es, that would allow for a
> very small unencrypted root filesystem to be mounted temporarily until
> the passphrase has been entered and then swap that for a real, encrypted
> root filesystem. But AFAIK we don't have pivotroot.
>
> The problem could also be solved if the real root fs could be union
> mounted over the small unencrypted one but unionfs won't mount over /.

Why is it that I cannot union mount anything over /, is there a technical reason for that or is it because of security concerns?