Hi, FreeBSD allows encryption of root partition and may be good start. http://events.ccc.de/congress/2005/fahrplan/attachments/586-paper_Complete_Hard_Disk_Encryption.pdfI have tried that approach about a year ago and successfully performed installation. Also discussed with author, Marc Schiesser, because tutorial should be updated according to FreeBSD 7.x and 8.x versions. I have these notes in my archive.
Basic idea is that:1- Run fixit disc of FreeBSD which is a live-cd with various FreeBSD (own) utilities. Dont forget to load geom_eli module.
2- Partition the hard drive, and then, create geli slices (partitions).3- Run sysinstall and address the geli partitions as install target. Everything is isntalled into geli partition.
4- Once finished the work, copy kernel, kernel modules to ie; a usb ram. In other words, prepare boot-only usb disk
5- Once everything is complete, boot from usb. It asks passphrase of geli slice and mounts geli root as root
6- Remove usb ram. Regards, Cem David Brownlee, 03/23/09 18:54:
On Mon, 23 Mar 2009, Todd Vierling wrote:I think that would be the ideal case for any mahine which doesn't require unattended reboot - the only unencrypted data on the disk would be the bootblocks and some cdg config (which may well be written into the bootblocks). Once installed it should be transparent to the user including updating kernels and anything other than bootblocks :)