[PC-BSD Testing] encrypting / during 8.1 install

Lars Engels lars.engels at 0x20.net
Fri Oct 22 10:41:14 PDT 2010


On Fri, Oct 22, 2010 at 01:34:53PM -0400, Kris Moore wrote:
> On 10/22/2010 12:56, Dru Lavigne wrote:
> > 
> > I'm updating the Encryption page of the Advanced Installation
> > section of the Handbook
> > (http://wiki.pcbsd.org/index.php/Disk_Encryption). My understanding
> > is that if you want to encrypt root, you need to have a /boot on a
> > removable media to store the keys. I've inserted a UFS formatted
> > thumb drive containing an empty /boot and it is probed by the
> > installer during bootup. However, the installation fails shortly
> > after formatting the partitions with the following error:
> > 
> > ERROR: Can't encrypt (/) with no (/boot) partition!
> > 
> > Is my understanding incorrect? Or is the installer not looking for
> > /boot on a thumb drive? It would be problematic to temporarily store
> > the keys on /boot in the memory filesystem, unless the user was
> > prompted to insert a thumb drive to save the keys (which probably is
> > a good idea, even for non-root partitions so they are forced to make
> > their backup...)
> > 
> 
> How did you set up the file-system layout for this USB stick? I.e., did
> you actually specify a /boot partition on /dev/da0 when you manually
> set up the layout?
> 
> > Also verified some bugs (which were mentioned by a user in an
> > earlier email thread) which should be addressed for 8.2:
> > 
> > * swap doesn't ask for a password so it does not make sense to
> > prompt the user to input a password for this partition
> 
> Just committed a fix for this.
> 
> > * the confirm password prompt does not check to see if the passwords
> > match; will this make a partition inaccessible if the user
> > fat-fingered the password confirmation?
> 
> It wasn't updating the GUI properly if passwords didn't match, fixed now :)
> 
> > * the user mentioned problems with non-QWERTY characters; I'm not
> > sure if this includes numbers as I haven't had luck with a numeric
> > passphrase so far; I'll research this further, but if this is the
> > case we should have some text indicating what sort of characters are
> > allowed
> >
> 
> Need to check into this, I'm guessing the geli prompt only understands
> QWERTY?

Yes, there is only a QWERTY keyboard available unless you compile a kernel
with a different layout.