author | pjd <pjd@FreeBSD.org> | 2006-02-11 13:18:47 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2006-02-11 13:18:47 +0000 |
commit | ab17cb5277cadbb0a9aad15f6c417243fb066cb6 (patch) | |
tree | 713b9863c0fe95c32beb197277f2772e691597b9 /sbin | |
parent | 204d3235abbdaff64833facda5a3ce556c45d2d1 (diff) | |
Add an example of how to use keyfiles for encrypted providers that should be
attached before the root file system is mounted.
MFC after: 3 days
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/geom/class/eli/geli.8 | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/sbin/geom/class/eli/geli.8 b/sbin/geom/class/eli/geli.8
index 13c0046..d465099 100644
--- a/sbin/geom/class/eli/geli.8
+++ b/sbin/geom/class/eli/geli.8
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd April 11, 2005
+.Dd February 11, 2006
 .Dt GELI 8
 .Os
 .Sh NAME
@@ -511,10 +511,46 @@ Encrypted swap partition setup:
 # geli onetime -d -a 3des ad0s1b
 # swapon /dev/ad0s1b.eli
 .Ed
+.Pp
+The example below shows how to configure two providers which will be attached
+on boot (before the root file system is mounted).
+One of them is using passphrase and three keyfiles and the other is using only a
+keyfile:
+.Bd -literal -offset indent
+# dd if=/dev/random of=/dev/da0 bs=1m
+# dd if=/dev/random of=/boot/keys/da0.key0 bs=32k count=1
+# dd if=/dev/random of=/boot/keys/da0.key1 bs=32k count=1
+# dd if=/dev/random of=/boot/keys/da0.key2 bs=32k count=1
+# cat /boot/keys/da0.key0 /boot/keys/da0.key1 /boot/keys/da0.key2 | geli init -b -K - da0
+Enter new passphrase:
+Reenter new passphrase:
+# dd if=/dev/random of=/dev/da1s3a bs=1m
+# dd if=/dev/random of=/boot/keys/da1s3a.key bs=128k count=1
+# geli init -b -P -K /boot/keys/da1s3a.key da1s3a
+.Ed
+.Pp
+The providers are initialized, now we have to add those lines to
+.Pa /boot/loader.conf :
+.Bd -literal -offset indent
+geli_da0_keyfile0_load="YES"
+geli_da0_keyfile0_type="da0:geli_keyfile0"
+geli_da0_keyfile0_name="/boot/keys/da0.key0"
+geli_da0_keyfile1_load="YES"
+geli_da0_keyfile1_type="da0:geli_keyfile1"
+geli_da0_keyfile1_name="/boot/keys/da0.key1"
+geli_da0_keyfile2_load="YES"
+geli_da0_keyfile2_type="da0:geli_keyfile2"
+geli_da0_keyfile2_name="/boot/keys/da0.key2"
+
+geli_da1s3a_keyfile0_load="YES"
+geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
+geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"
+.Ed
 .Sh SEE ALSO
 .Xr crypto 4 ,
 .Xr gbde 4 ,
 .Xr geom 4 ,
+.Xr loader.conf 5 ,
 .Xr gbde 8 ,
 .Xr geom 8 ,
 .Xr crypto 9 |