Hi
I'm trying to partition and encrypt my SSD for my new desktop with gpart(8) and geli(8) using gpt and ufs. I'm using FreeBSD 10.
I'm trying to partition and encrypt my SSD for my new desktop with gpart(8) and geli(8) using gpt and ufs. I'm using FreeBSD 10.
- I've seen others create geli(8) partition of the entire hard drive first and then partition it using gpart(8) for /, /tmp, /var, ... I just want to know what is the advantage of this setup over partition the hard drive first and then encrypt each partition?
Link: https://forums.freebsd.org/viewtopic.php?&t=29652
- I've read online that inside the /boot/loader.conf for specifying geli(8) key location, I can use gpt labels, for example:
Code:geli_gpt-label_keyfile0_load="YES" geli_gpt-label_keyfile0_type="gpt/gpt-label:geli_keyfile0" geli_gpt-label_keyfile0_name="/boot/geli.key" vfs.root.mountfrom="ufs:/dev/gpt/gpt-label.eli"
I did this on a virtual machine and looked at dmesg(8) and I found out:
Code:... GEOM_ELI: Found no key files in loader.conf for ada0p1 GEOM_ELI: Found no key files in loader.conf for ada0p2 ... GEOM_ELI: Found no key files in loader.conf for diskid/DISK-ID1 GEOM_ELI: Found no key files in loader.conf for diskid/DISK-ID2 ... GEOM_ELI: Device gpt/gpt-label.eli created. GEOM_ELI: Encryption: ... ...