
Re: kfreebsd -- encryption options



Hello,

Philipp Martis wrote:
> I checked a few other images, namely the daily netboot builds from
> 05/12, 05/18, 06/05 and 06/11 (today).   They all have the same
> problem: "physical volume for encryption" doesn't show up during
> partitioning,

I should probably write this up in the Wiki...

We don't support it yet in the installer, but it is potentially
possible, if you install some part that is unencrypted and set up
encrypted partitions later.

My laptop boots a very small unencrypted root (similar to an initramfs).
An early /etc/rcS.d script prompts me to unlock a geli partition, inside
which I have a ZFS pool which is mounted after that.

The (encrypted) ZFS filesystems can be mounted anywhere - you could
encrypt only /home if you prefer - or even over the top of /usr or /
(the latter would be similar to doing a pivot_root, which is how
full-disk encryption is usually implemented on Linux).

Remember to move /lib/modules into /boot in this case, and put a symlink
back from /lib/modules -> /boot/modules

There are still other ways.  Regular OpenSSH can be used for a
dropbear-type setup.  The FreeBSD kernel has some way to mount an
encrypted root partition by itself;  and GRUB2 supports encryption and
GPG verification of things it loads too.

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org
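
The early-boot unlock step described in the message above, as an added example; it is not the poster's own script. The provider `ada0s2`, the pool name `tank`, and the `DRY_RUN`, `TRIES` and `DEVDIR` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: early unlock script of the kind placed in /etc/rcS.d.
# PROVIDER and POOL are assumed names; adjust them to the local disk layout.
PROVIDER="${PROVIDER:-ada0s2}"   # assumed partition holding the geli container
POOL="${POOL:-tank}"             # assumed ZFS pool stored inside it
TRIES="${TRIES:-3}"              # passphrase attempts before giving up
DEVDIR="${DEVDIR:-/dev}"

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

unlock_and_import() {
    # An attached provider shows up as <provider>.eli; skip the prompt then.
    if [ ! -e "$DEVDIR/$PROVIDER.eli" ]; then
        n=1
        # geli attach asks for the passphrase on the console itself.
        until run geli attach "$DEVDIR/$PROVIDER"; do
            [ "$n" -ge "$TRIES" ] && {
                echo "geli: giving up on $PROVIDER" >&2
                return 1
            }
            n=$((n + 1))
        done
    fi
    # Importing the pool mounts its filesystems at their configured mountpoints.
    run zpool import "$POOL"
}

case "${1:-}" in
    start) unlock_and_import ;;
    stop)  run zpool export "$POOL" && run geli detach "$DEVDIR/$PROVIDER.eli" ;;
esac
```

Running it with `DRY_RUN=1` and the `start` argument prints the commands without touching any device, which is a safe way to check the names before rebooting.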
