Hi People,
Using FreeBSD you can encrypt the system pool zroot. But then you have to enter the passphrase on each boot-up.
Please excuse that I do not know that much about geli and the boot-up mechanisms in FreeBSD. I am still learning.
As far as I know you can use key files to attach a geli device, but how do you combine that so it can be used with a USB stick?
Is it possible? I mean, you have to enter the geli passphrase for zroot before the kernel gets loaded, right?
I have been searching for information about that topic, but I only found some rather strange solutions consisting of a sort of "freebsd on usb stick zroot" ...
I would like to know if there is a solution for using a USB stick to unlock the zroot pool, so that on each system boot you can just use your USB stick to unlock the system or enter the passphrase using IPMI.
I know there is a script for LUKS on Linux. I tried it and it worked on Linux. But Linux is not an option here.
I think it is possible to modify the boot-up routine of FreeBSD so that additional encrypted disks could be unlocked automatically by an attached USB stick with a key file on it.
Of course, it is recommended to remove the USB stick from the system once it is "unlocked".
The main purpose is only to decrypt zroot to boot the machine, not to decrypt any other additional encrypted partitions.