[PC-BSD Testing] encrypting / during 8.1 install

Kris Moore kris at pcbsd.org
Fri Oct 22 10:34:53 PDT 2010



On 10/22/2010 12:56, Dru Lavigne wrote:
> 
> I'm updating the Encryption page of the Advanced Installation section of the Handbook (http://wiki.pcbsd.org/index.php/Disk_Encryption). My understanding is that if you want to encrypt root, you need to have a /boot on removable media to store the keys. I've inserted a UFS formatted thumb drive containing an empty /boot and it is probed by the installer during bootup. However, the installation fails shortly after formatting the partitions with the following error:
> 
> ERROR: Can't encrypt (/) with no (/boot) partition!
> 
> Is my understanding incorrect? Or is the installer not looking for /boot on a thumb drive? It would be problematic to temporarily store the keys on /boot in the memory filesystem, unless the user was prompted to insert a thumb drive to save the keys (which probably is a good idea, even for non-root partitions so they are forced to make their backup...)
> 

How did you set up the file-system layout for this USB stick? I.e., did
you actually specify a /boot partition on /dev/da0 when you manually
set up the layout?

> Also verified some bugs (which were mentioned by a user in an earlier email thread) which should be addressed for 8.2:
> 
> * swap doesn't ask for a password so it does not make sense to prompt the user to input a password for this partition

Just committed a fix for this.

> * the confirm password prompt does not check to see if the passwords match; will this make a partition inaccessible if the user fat-fingered the password confirmation?

It wasn't updating the GUI properly if passwords didn't match, fixed now :)

> * the user mentioned problems with non-QWERTY characters; I'm not sure if this includes numbers as I haven't had luck with a numeric passphrase so far; I'll research this further, but if this is the case we should have some text indicating what sort of characters are allowed
>

Need to check into this. I'm guessing the geli prompt only understands
QWERTY?

> Cheers,
> 
> Dru


-- 
Kris Moore
PC-BSD Software
iXsystems