I am trying to install FreeBSD 11.0-RELEASE on the GELI encrypted ZFS pool without /boot on a separate unencrypted partition.
I tried this on real hardware (ThinkPad T420s laptop) and under VirtualBox (both with UEFI) without luck.
These are the steps which I tried:
# boot FreeBSD...
I've recently moved my system to new box. At first boot up I got an error with attaching my encrypted disks (GELI) saying there's a problem with metadata. So I've restored it with my backup file with geli restore. Attaching is no longer an issue now I can't mount it or even fsck.
I’ve never been in a server room from which I could not steal a random hard drive without getting caught, if I wanted. I have been in server hosting companies’ rooms in more than one countries.
Should I find one that employs guards with machine guns, still there is a point from which it isn’t...
I am writing a driver for PCI crypto card. The driver supports both synch and asynch mode.
Problem is when offloading auth+cipher(chained) operations to hardware with geli when driver is in asynch mode. Either writes or reads are always going bad.
newfs throws the error "newfs: can't...
Previously, I only had these two lines in /etc/rc.conf:
geli_ada2p1_flags=" -k /root/geli.key"
But due to other options, I want the passphrase to be asked during the initial phase of the boot process. So, what I did according to what I've read was to add these lines...
I have read a lot about gbde, geli and dm-crypt under linux, but a question remains: Why would iI store my master key on the disk? Seriously! Anybody could rip the metadata off the disk in no time and brute force the password in a cluster without even having additional encrypted sample data...
I have question.
I've FreeBSD 10.2 installed on my server.
I've added GELI support in kernel.
Now, I want to added load options for GELI in kernel :
Is it possible to do it...
I have multiple internal drives that are encrypted with geli via a password only. I am running 10.1 presently, and upon reboot I am asked for a password to decrypt the drives and continue the boot process. I do not have anything in /boot/loader.conf about them, other than instructing it...