[PC-BSD Testing] encrypting / during 8.1 install

Dru Lavigne drulavigne at sympatico.ca
Fri Oct 22 09:56:11 PDT 2010


I'm updating the Encryption page of the Advanced Installation section of the Handbook (http://wiki.pcbsd.org/index.php/Disk_Encryption). My understanding is that if you want to encrypt root, you need to have a /boot on a removable media to store the keys. I've inserted a UFS formatted thumb drive containing an empty /boot and it is probed by the installer during bootup. However, the installation fails shortly after formatting the partitions with the following error:

ERROR: Can't encrypt (/) with no (/boot) partition!

Is my understanding incorrect? Or is the installer not looking for /boot on a thumb drive? It would be problematic to temporarily store the keys on /boot in the memory filesystem, unless the user was prompted to insert a thumb drive to save the keys (which probably is a good idea, even for non-root partitions so they are forced to make their backup...)

Also verified some bugs (which were mentioned by a user in an earlier email thread) which should be addressed for 8.2:

* swap doesn't ask for a password so it does not make sense to prompt the user to input a password for this partition
* the confirm password prompt does not check to see if the passwords match; will this make a partition inaccessible if the user fatfingered the password confirmation?
* the user mentioned problems with non-QWERTY characters; I'm not sure if this includes numbers as I haven't had luck with a numeric passphrase so far; I'll research this further, but if this is the case we should have some text indicating what sort of characters are allowed

Cheers,

Dru
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pcbsd.org/pipermail/testing/attachments/20101022/81a4bc56/attachment.html>


More information about the Testing mailing list