On Sun, Sep 23, 2007 at 05:59:01PM +0100, Gabriel Dragffy wrote:
> This sounds good. How exactly did you manage to encrypt discs and then 
> install freebsd there? I can just about setup software raid once freebsd is 
> installed, but by then I am unable to use a hard drive because it already 
> has freebsd on it.

There is no point in encrypting the whole harddisk. The OS and ports can
be downloaded from the internet. No point in keeping them secret. They
might in fact facilitate a known-plaintext attack.

The things that you should encrypt are /home and maybe /var.

So when installing FreeBSD you should set aside room for slices to hold
/home and /var, see below.

A possible lay-out would be;

/          200MB
/tmp       200MB
/usr       10GB
/var       2BG
/home      the rest

You can find instructions on setting up GEOM_ELI for /home on my website;

After a reboot you might get prompted for the GELI password before the
login prompt, depending on if you've used a password.

R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)

Attachment: pgpfjFa5XkbY3.pgp
Description: PGP signature

Reply via email to