[PC-BSD Testing] encrypting / during 8.1 install
drulavigne at sympatico.ca
Fri Oct 22 09:56:11 PDT 2010
I'm updating the Encryption page of the Advanced Installation section of the Handbook (http://wiki.pcbsd.org/index.php/Disk_Encryption). My understanding is that if you want to encrypt root, you need to have a /boot on a removable media to store the keys. I've inserted a UFS formatted thumb drive containing an empty /boot and it is probed by the installer during bootup. However, the installation fails shortly after formatting the partitions with the following error:
ERROR: Can't encrypt (/) with no (/boot) partition!
Is my understanding incorrect? Or is the installer not looking for /boot on a thumb drive? It would be problematic to temporarily store the keys on /boot in the memory filesystem, unless the user was prompted to insert a thumb drive to save the keys (which probably is a good idea, even for non-root partitions so they are forced to make their backup...)
Also verified some bugs (which were mentioned by a user in an earlier email thread) which should be addressed for 8.2:
* swap doesn't ask for a password so it does not make sense to prompt the user to input a password for this partition
* the confirm password prompt does not check to see if the passwords match; will this make a partition inaccessible if the user fatfingered the password confirmation?
* the user mentioned problems with non-QWERTY characters; I'm not sure if this includes numbers as I haven't had luck with a numeric passphrase so far; I'll research this further, but if this is the case we should have some text indicating what sort of characters are allowed
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Testing