diff options
author | pjd <pjd@FreeBSD.org> | 2005-08-14 18:02:22 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2005-08-14 18:02:22 +0000 |
commit | a2b7d697913d661fda3cdf89df1b40035f6c116a (patch) | |
tree | 85e2934f5d33797f65e52eef52a990ff180d2d5d /etc/defaults | |
parent | 4c42e011b4355b63d51ade3c0d027dde76715566 (diff) | |
download | FreeBSD-src-a2b7d697913d661fda3cdf89df1b40035f6c116a.zip FreeBSD-src-a2b7d697913d661fda3cdf89df1b40035f6c116a.tar.gz |
Add scripts for GELI device configuration on boot.
rc.d/geli - configures encryption (ask for passphrases, etc.);
rc.d/geli2 - is called after file systems are mounted and mark devices for
detach on last close.
Sponsored by: Wheel Sp. z o.o.
http://www.wheel.pl
MFC after: 3 days
Diffstat (limited to 'etc/defaults')
-rw-r--r-- | etc/defaults/rc.conf | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index e9d86e4..e56ac85 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -59,7 +59,23 @@ gbde_devices="NO" # Devices to automatically attach (list, or AUTO) gbde_attach_attempts="3" # Number of times to attempt attaching gbde devices gbde_lockdir="/etc" # Where to look for gbde lockfiles -geli_swap_flags="-a aes -l 256 -s 4096 -d" # Options for GELI-encrypted swap partitions. +# GELI disk encryption configuration. +geli_devices="" # List of devices to automatically attach in addition to + # GELI devices listed in /etc/fstab. +geli_tries="" # Number of times to attempt attaching geli device. + # If empty, kern.geom.eli.tries will be used. +geli_default_flags="" # Default flags for geli(8). +geli_autodetach="YES" # Automatically detach on last close. + # Providers are marked as such when all file systems are + # mounted. +# Example use. +#geli_devices="da1 mirror/home" +#geli_da1_flags="-p -k /etc/geli/da1.keys" +#geli_da1_autodetach="NO" +#geli_mirror_home_flags="-k /etc/geli/home.keys" + +geli_swap_flags="-a aes -l 256 -s 4096 -d" # Options for GELI-encrypted + # swap partitions. root_rw_mount="YES" # Set to NO to inhibit remounting root read-write. fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen fails. |