DutchDaemon said:
Passwording the loader:
loader.conf(5) ->
Code:
password Provides a password to be required by check-password before execution is allowed to continue.
This may be obvious for some people, but just to make sure:
Do *not* use the root password (or any other password you use somewhere else, for that matter) in /boot/loader.conf.
/boot/loader.conf is not created by default, and most people have a umask of 022, meaning that /boot/loader.conf not only contains a cleartext password, but that the file is also world-readable.
So using a unique password and
# chmod 600 /boot/loader.conf
is highly recommended.
As a somewhat unrelated - but also related - subject, some time ago I came across a (HP) laptop with a hard disk that only worked in that specific laptop; other computers/laptops did not recognize the disk. FreeBSD, for example, gave READ_DMA errors.
This is an option you can enable/disable in the BIOS, IIRC it was called a `disk lock'.
Does anyone happen to know exactly how this works? And how secure it actually is? I suspect this is some TPM feature, but wasn't able to find a lot of information about it (although I must admit I did not search very thoroughly).
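On the /boot/loader.conf permissions advice above, the following is an added example and not part of the original post. It checks whether a loader.conf-style file carries a `password` directive while still being readable by group or other, as it would be under a umask of 022. The function name `audit_loader_conf` and its return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag a loader.conf that holds a cleartext loader password
# and can be read by other local users. The path defaults to the one named in the post.
# Returns 0 = fine, 1 = password exposed to group/other, 2 = file missing.

audit_loader_conf() {
    conf="${1:-/boot/loader.conf}"

    if [ ! -f "$conf" ]; then
        echo "SKIP: $conf does not exist"
        return 2
    fi

    # Permissions only matter here if an active (uncommented) password
    # directive is present. The value itself is never printed.
    if ! grep -Eq '^[[:space:]]*password[[:space:]]*=' "$conf"; then
        echo "OK: no password directive in $conf"
        return 0
    fi

    # First 10 characters of "ls -ld": file type, then rwx for user/group/other.
    # Cutting at 10 drops any trailing ACL/flag marker some systems append.
    perms=$(ls -ld "$conf" | cut -c1-10)

    case "$perms" in
        # Character 5 is group-read, character 8 is other-read.
        ????r*|???????r*)
            echo "FAIL: $conf holds a loader password and is readable by group/other ($perms)"
            echo "      fix: chmod 600 $conf"
            return 1
            ;;
    esac

    echo "OK: $conf holds a loader password and is private ($perms)"
    return 0
}
```

Run `audit_loader_conf` with no argument to check /boot/loader.conf, or pass another path to check a copy.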