[PC-BSD Testing] Disk encryption issues and ... on 8.2 RC 1
finid at linuxbsdos.com
Thu Jan 13 15:16:22 PST 2011
Here are few observations about disk encryption and the default
1. When disk encryption is selected (when using UFS or ZFS), swap is not
encrypted. That, I think, leaves a hole in the disk encryption scheme.
2. The default partitions when using UFS are /, swap, var, and /usr. I
think a default disk partitioning scheme that falls close to what is
created when ZFS is in use (/, swap, and root zpool) would be better.
Creating, for example, /boot, swap, /, then encrypting both / and swap if
the encryption option is checked, will be a much better scheme than the
3. The system gives 3 chances to supply the correct encryption passphrase
during system boot. I found that if the third and last attempt is
unsuccessful, the system will drop into a console. You may view a
screenshot of it at http://linuxbsdos.com/forum/thread-85.html
What purpose does this serve? Is it really a good idea to give any kind of
access if a user is unable to supply the correct passphrase?
4. Is it mandatory to use a passphrase and a system-generated key at
the same time? There is something about generating a random key when a
user has already specified a passphrase that I don't fully understand.
I will be looking at GPT next
More information about the Testing