No, not at installation if you use the standard installer.
As I don't use the standard installer at all, I don't have such a problem.
I use any bootable FreeBSD media (actually my own home-made pendrive), and then make labels, do newfs, mount, unpack files etc.

If you can't do that then you may follow my advice:

Install as usual, but make partitions like:

a: root - 10-20GB
b: swap - as you need
d: rest - don't assign it to any directory

Install on a and b.

Then, after booting your system and building and installing your kernel with GEOM_ELI inside:

geli init -s 2048 (or 4096, whatever fragment size you plan) /dev/ad0d (or ada0d, or however your disk is named).
geli attach /dev/ad0d

newfs <options here> /dev/ad0d.eli

mount /dev/ad0d.eli /mnt
cd /mnt
tar --exclude /usr -cf - / | tar xpf -
So you have copied all data except /usr to /mnt.
Then edit /mnt/etc/fstab:
make ad0d.eli the root and
ad0a /usr.
Then edit /mnt/boot/loader.conf
and add
vfs.root.mountfrom="ad0d.eli"
Then reboot to single user mode.
After booting:
/sbin/mount /usr - should mount fine
cd /usr
ls
and delete with rm -rf everything except the usr subdirectory,
then
mv usr/* .
rm -rf usr
cd /
rm -rf boot
ln -s /usr/boot .
Then press CTRL-D and you have your encrypted system up.

You don't have /usr encrypted, as your software packages are not secret data. /usr is the a: partition, so the bootloader boots from there. /usr/boot is linked to /boot to make it accessible to system programs as usual.

But your /usr/local/etc may be secret, so:
cd /usr/local
mv etc /etc/local
ln -s /etc/local etc

This is how I configure my system everywhere I use geli.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
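The two stages described in the post above (populate the encrypted d partition, then clean up the old a partition in single-user mode) as one script. This is an added example, not code from the post or from FreeBSD; the disk name ada0, the sector size 4096, and the DRY_RUN switch are assumptions. It differs from the post's steps in a few places, each marked in a comment: `geli init` gets `-b` so the kernel attaches the provider before it mounts root (this is what geli(8) documents for an encrypted root); `vfs.root.mountfrom` is written in the `ufs:/dev/...` form to the `/boot/loader.conf` on the a partition, because the loader reads that file from the partition it booted from; empty `usr`, `dev` and `mnt` mount points are created on the new root; and the a partition keeps its `boot/` directory alongside `usr/`, since `/boot` is later symlinked to `/usr/boot`. `geli init` and `geli attach` prompt for the passphrase interactively.

```shell
#!/bin/sh
# Added example, not code from the post: the post's manual steps as shell
# functions. Assumptions: disk ada0, geli sector size 4096, DRY_RUN=1 (the
# default) prints the plan instead of running it. Run as root on the
# installed FreeBSD system with DRY_RUN=0 only after reading the plan.
set -eu

DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# fstab for the migrated system: the encrypted d partition becomes /,
# the unencrypted a partition (which holds the loader) becomes /usr.
gen_fstab() {
    disk="$1"
    printf '/dev/%sd.eli\t/\tufs\trw\t1\t1\n' "$disk"
    printf '/dev/%sa\t/usr\tufs\trw\t2\t2\n' "$disk"
    printf '/dev/%sb\tnone\tswap\tsw\t0\t0\n' "$disk"
}

# Tells the kernel where root is, in the documented ufs:/dev/... form.
# The loader reads loader.conf from the partition it booted from (a), so
# this goes into the live /boot/loader.conf, later reachable as
# /usr/boot/loader.conf through the symlink.
gen_loader_conf() {
    disk="$1"
    printf 'vfs.root.mountfrom="ufs:/dev/%sd.eli"\n' "$disk"
}

# Stage 1 (multi-user, before the reboot): create and fill the encrypted root.
migrate_root() {
    disk="$1"
    prov="/dev/${disk}d"
    # -b: attach at boot, before root is mounted (kernel asks the passphrase)
    run geli init -b -s 4096 "$prov"
    run geli attach "$prov"
    run newfs -U "${prov}.eli"
    run mount "${prov}.eli" /mnt
    # Copy every top-level entry except usr (stays on a), dev (devfs) and
    # mnt (the destination), then recreate them as empty mount points.
    run sh -c 'cd / && tar -cf - $(ls -A | grep -vxE "usr|dev|mnt") | tar -xpf - -C /mnt'
    run mkdir -p /mnt/usr /mnt/dev /mnt/mnt
    if [ "$DRY_RUN" = 1 ]; then
        printf '# write to /mnt/etc/fstab:\n'; gen_fstab "$disk"
        printf '# append to /boot/loader.conf:\n'; gen_loader_conf "$disk"
    else
        gen_fstab "$disk" > /mnt/etc/fstab
        gen_loader_conf "$disk" >> /boot/loader.conf
    fi
}

# Stage 2 (single-user mode after the reboot, root now encrypted): strip the
# old root from the a partition, keeping usr/ and boot/ (loader lives there),
# hoist usr/ up, point /boot at it, and move /usr/local/etc onto the root.
finish_single_user() {
    run mount /usr
    run sh -c 'cd /usr && for f in * .*; do case "$f" in .|..|usr|boot) ;; *) rm -rf -- "$f" ;; esac; done'
    run sh -c 'cd /usr && mv usr/* . && rmdir usr'
    run rm -rf /boot
    run ln -s /usr/boot /boot
    run sh -c 'if [ -d /usr/local/etc ]; then mv /usr/local/etc /etc/local && ln -s /etc/local /usr/local/etc; fi'
}

# Usage: sh geli-root.sh plan [disk]          print both stages
#        DRY_RUN=0 sh geli-root.sh migrate ada0  stage 1, as root
#        DRY_RUN=0 sh geli-root.sh finish        stage 2, in single-user mode
case "${1:-}" in
    migrate) migrate_root "${2:?disk name required}" ;;
    finish)  finish_single_user ;;
    plan)    migrate_root "${2:-ada0}"; finish_single_user ;;
esac
```

Read the `plan` output before running anything: the `rm -rf` loop in stage 2 is destructive on the a partition, and the only things it keeps are `usr/` and `boot/`.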