Encryption support in installer?

Hi all,

Suppose you wish to have most (if not all) of your partitions encrypted, including the root partition. Can this be done during installation of FreeBSD or does it have to be set up afterward?

In the latter case, what would be the recommended procedure? According to the handbook, setting up disk encryption requires the creation of a new filesystem, thus destroying a partition's current contents, which I guess would lead to cumbersome backup-and-restore trickery.

Thanks in advance,

Fonz
 
It's not supported by sysinstall...
However, you can install FreeBSD, compile a custom kernel, and then use dump and restore to make most of your drives/slices/partitions encrypted.

If you want to encrypt everything, you need to create a bootable USB pen drive (very easy):
Use sysinstall to create a bootable partition (in sysinstall press w to write to disk), then quit sysinstall.
Then create an image of the USB pen using dd.
mounting using dd

then read this
http://daemonforums.org/showthread.php?t=1538
Follow the instructions to install the system to the pen image....
(you only need to install base and kernel)

rewrite kernel with your custom kernel (generic ain't got geli)


umount pen image and dd it to usb pen drive
reboot (make sure your PC supports boot from usb pen drive)

do your thing....
I think I will write a guide for this.
It's pretty simple.
 
killasmurf86 said:
It's not supported by sysinstall...

Then again, a link in another thread about this subject pointed to a paper by Marc Schiesser. Apparently, sysinstall can be circumvented altogether:
  1. boot the live FS
  2. load the GELI/GBDE kernel module
  3. partition and format the disks
  4. extract the dist sets you need (manually, that is)
  5. perform additional configging
  6. done

I think I'm going to try both approaches on a test box to see which one I like better.

In fact, if I have enough spare time on my hands I might even have a go at writing a new installer that's capable of handling encryption. Sounds like a blast ;)

Anyway, thanks for your input. I'll try it out for sure.

Fonz
 
fonz said:
Then again, a link in another thread about this subject pointed to a paper by Marc Schiesser. Apparently, sysinstall can be circumvented altogether:
  1. boot the live FS
  2. load the GELI/GBDE kernel module
  3. partition and format the disks
  4. extract the dist sets you need (manually, that is)
  5. perform additional configging
  6. done

I think I'm going to try both approaches on a test box to see which one I like better.

In fact, if I have enough spare time on my hands I might even have a go at writing a new installer that's capable of handling encryption. Sounds like a blast ;)

Anyway, thanks for your input. I'll try it out for sure.

Fonz

The LiveFS CD uses the generic kernel. The generic kernel (at least on the CD) doesn't support geli.
I just tried, to make sure, using qemu.
 
killasmurf86 said:
The LiveFS CD uses the generic kernel. The generic kernel (at least on the CD) doesn't support geli.
I just tried, to make sure, using qemu.

Ah, that's something to look into. Perhaps things were different when that particular paper was being written.

Fonz
 
fonz said:
Ah, that's something to look into. Perhaps things were different when that particular paper was being written.

Fonz

You need to either build a custom CD or USB pen drive, or another HDD.
 