[PC-BSD Testing] Disk encryption
finid at linuxbsdos.com
Mon Feb 15 00:56:11 PST 2010
I'm trying to get a better understanding of how disk encryption on PC-BSD
works. Here's what I've gleaned by playing with the installer:

By default, the installer creates slices for /, swap, /var and /usr.

If you switch to "custom partition ..." and edit the slices, there will be
options to encrypt each slice. When I chose to encrypt /, the installation
failed with an error message that amounted to "encryption of / is not
supported."

So I tried the installation again and chose to encrypt /usr. From a real
security perspective, this does nothing for me. Just trying to get to know
encryption on PC-BSD. I was expecting the installer to ask for a
passphrase (this is how it works on Linux). But it did not. Instead it
generated two random keys and stored them in the /boot/keys directory.
Now I'm thinking, if I do not know what the keys are, how useful is this
to me? In any case, I finished the installation and the system rebooted
without asking me for a key.

Now my question. How does disk encryption work on PC-BSD? I'm hoping that
someone with a better understanding of how this works will jump in and
help me understand how it works.

I'm assuming that encryption of / is not supported because /boot is a
directory under it. Wouldn't it be better to create a separate slice for
/boot? That way / can be encrypted.

I hope this makes sense to somebody.

Thanks,

--
FD