On Sun, Sep 23, 2007 at 05:59:01PM +0100, Gabriel Dragffy wrote: > This sounds good. How exactly did you manage to encrypt discs and then > install freebsd there? I can just about setup software raid once freebsd is > installed, but by then I am unable to use a hard drive because it already > has freebsd on it.
There is no point in encrypting the whole harddisk. The OS and ports can be downloaded from the internet. No point in keeping them secret. They might in fact facilitate a known-plaintext attack. The things that you should encrypt are /home and maybe /var. So when installing FreeBSD you should set aside room for slices to hold /home and /var, see below. A possible lay-out would be; / 200MB /tmp 200MB /usr 10GB /var 2BG /home the rest You can find instructions on setting up GEOM_ELI for /home on my website; http://www.xs4all.nl/~rsmith/freebsd/index.html#home After a reboot you might get prompted for the GELI password before the login prompt, depending on if you've used a password. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
Description: PGP signature