Search results for query: geli usb unlock

  1. T

    Unlock GELI partitions at boot through SSH

    I can think of only one way to remotely unlock the geli provider on the host computer without installing two operating systems in parallel and setting up the geli provider to be invisible: bootstrap the unencrypted OS via PXE use a whole disk as a geli provider, no partition scheme, no...
  2. DomXY

    Other Autoboot for zroot on geli

    Before I tried this only exclusively one by one. It didn't make a difference. Removing both at the same time renders the system unable to boot: It doesn't find the zpool anymore: Addition: The request for the passphrase comes from /boot/kernel/geom_eli.ko according to a grep for the "Enter...
  3. DomXY

    Other Autoboot for zroot on geli

    Dear community! I want to give FreeBSD a try. My first milestone is a fully encrypted headless system, i.e. which can do boots without interference. The idea is to have a USB stick holding an unencrypted ufs with /boot-dir and the key file, which decrypts the main drive's partition holding a...
  4. T

    Unlock GELI on boot with USB stick

    Don't be too hard on yourself. Manual pages sometimes are not easy, or even impossible to understand for someone not familiar with the system and terminology. After years of using FreeBSD, I still have trouble understanding many manuals. Yes, that's correct. For simplicity, the term “provider”...
  5. T

    Unlock GELI on boot with USB stick

    That's not possible. The loader (for BIOS or UEFI) can identify if a geli GELIBOOT flagged provider(s) is present and prompt for a passphrase, but the loader can't read a key file from a USB drive's file system. To read the file, the file system in which the key file is stored must be mounted...
  6. freezr

    Unlock GELI partitions at boot through SSH

    Same here... This is the code to fix Dropbear after a major upgrade. PREBOOT [ -z "$ufsdir" ] && ufsdir=/xboot [ -z "$pool" ] && pool=tank if [ x"$1" != x"update" -a x"$1" != x"setup" ] ; then echo "ERROR: run me with setup or update" exit 1 fi if [ "$1" = "setup" ] ; then...
  7. T

    Solved Unable to boot to new installation on laptop

    I put FreeBSD 14.2 on my new laptop but it will not boot, or rather the ZFS pool I created is not being seen even though I am prompted to unlock the drive. The drive was nda0 and geli is on nda0p3. For reference, I used my automated installer, but that should NOT matter. If I reboot back to...
  8. R

    Solved Security: How safe is a password prompt versus a key

    Two general comments about security: First, consider the value of your data (how motivated are attackers to get it), and possible attack vectors. Second, all security is a compromise, between statistically better protection of your data, versus loss of convenience, cost of managing, and sense of...
  9. Cath O'Deray

    ZFS GELI vs ZFS encrypted dataset

    Whilst the bootloader has not yet gained support, it should (I guess) be possible to begin with an encrypted pool/ROOT, then install FreeBSD the long way, then whenever you need to boot a boot environment e.g. pool/ROOT/default: first, boot from something that allows you to unlock the ROOT. That...
  10. fr33bsd

    Other UnGeli On Stick

    Regarding how-to's. In this forum, I just found some dead ended threads regarding the topic "unlock with usb". Please, correct me, if I used the search function the wrong way ... ;) one two ... other one, but not the intended solution n-th dead ended one BTW: Regarding security concerns: ;)...
  11. fr33bsd

    Other UnGeli On Stick

    BTW: I am aware of security issues. The idea of unlocking a system partition with a usb stick to make a system come up does not imply wasting security by additional unlocking of other pools that should be protected with that usb stick. Meaning: in this thread, usage of usb stick is supposed to...
  12. fr33bsd

    Other UnGeli On Stick

    Hi mtu, and thanks for reply. Ok, I try to find a working one. ;) Starting the search here in the forum. Not quite, say indirectly. In the first place, I had the idea of using a USB stick like a key in the real world. Just imagine you have to do some maintenance of an encrypted machine...
  13. mtu

    Other UnGeli On Stick

    Yes, it is possible to use a USB stick that contains a keyfile for geli to unlock a volume. You can find tutorials on how to do this. IPMI is another solution, but only for supporting hardware. Basically, your question is as old as encryption itself: How can I unlock a system remotely? My...
  14. fr33bsd

    Other UnGeli On Stick

    Hi People, using freebsd you can encrypt the system pool zroot. But then you have to enter the passphrase on each boot-up. Please, excuse that I do not know that much about geli and the boot up mechanisms in freebsd. I am still learning. As far as I know you can use key files to attach a geli...
  15. T

    ZFS using ZFS to safeguard my data

    So far, my "unique" backup strategy is working "okay". It is a little bit confusing as to what I'm doing, and if I import the pool from my drive that has yet to be synced, I might not see files that were recently added. I must export the pool now as it seems it won't let me offline the USB...
  16. T

    Unlock GELI on boot with USB stick

    My system is encrypted with GELI and uses the AUTOZFS partition schema. I can successfully boot up without issues. I would like to make a backup system that boots up with a USB key, and then after booted, I will remove the USB key. The backup system is completely headless, but if needed, I...
  17. R

    How to manage encryption keys with geli and ZFS?

    Wrong. Or perhaps a little bit right. But in computer security, "a little bit" doesn't cut it. Your first step needs to be: Think about what you want to accomplish. How important is your data? How big is the damage if it gets revealed? Will the economic cost to you be $100, $1M, or $10B...
  18. H

    ZFS How to use Geli without type passphrase

    Thank you so much for replying.... How can I implement example 2 (Solution with usb stick has a keyfile and passfile)? I mean, do you have any instructions step by step for it?
  19. R

    ZFS How to use Geli without type passphrase

    The thing is: you have to think through the possible attack. In this particular case, we need to think about "multi factor authentication". Typically today reasonably secure machines (like laptops used by banks or major corporations) use 2-factor authentication: to get in, you need to have two...
  20. S

    Other Encrypted HDD - adding keyfile

    I'm not sure if installing-freebsd-on-geli-ufs.50570 answers your question. kern.cam.boot_delay=