[PC-BSD Testing] encrypting / during 8.1 install
kris at pcbsd.org
Fri Oct 22 10:34:53 PDT 2010
On 10/22/2010 12:56, Dru Lavigne wrote:
> I'm updating the Encryption page of the Advanced Installation section of the Handbook (http://wiki.pcbsd.org/index.php/Disk_Encryption). My understanding is that if you want to encrypt root, you need to have a /boot on a removable media to store the keys. I've inserted a UFS formatted thumb drive containing an empty /boot and it is probed by the installer during bootup. However, the installation fails shortly after formatting the partitions with the following error:
> ERROR: Can't encrypt (/) with no (/boot) partition!
> Is my understanding incorrect? Or is the installer not looking for /boot on a thumb drive? It would be problematic to temporarily store the keys on /boot in the memory filesystem, unless the user was prompted to insert a thumb drive to save the keys (which probably is a good idea, even for non-root partitions so they are forced to make their backup...)
How did you set up the file-system layout for this USB stick? I.e., did
you actually specify a /boot partition on /dev/da0 when you manually
set up the layout?
> Also verified some bugs (which were mentioned by a user in an earlier email thread) which should be addressed for 8.2:
> * swap doesn't ask for a password so it does not make sense to prompt the user to input a password for this partition
Just committed a fix for this.
> * the confirm password prompt does not check to see if the passwords match; will this make a partition inaccessible if the user fat-fingered the password confirmation?
It wasn't updating the GUI properly if passwords didn't match, fixed now :)
> * the user mentioned problems with non-QWERTY characters; I'm not sure if this includes numbers as I haven't had luck with a numeric passphrase so far; I'll research this further, but if this is the case we should have some text indicating what sort of characters are allowed
Need to check into this, I'm guessing the geli prompt only understands