On Mon, 23 Mar 2009, Cem Kayali wrote:
Hi,
FreeBSD allows encryption of root partition and may be good start.
http://events.ccc.de/congress/2005/fahrplan/attachments/586-paper_Complete_Hard_Disk_Encryption.pdf
I have tried that approach about a year ago and successfully
performed installation. Also discussed with author, Marc Schiesser,
because tutorial should be updated according to FreeBSD 7.x and 8.x
versions. I have these notes in my archive.
Basic idea is that:
1- Run fixit disc of FreeBSD which is a live-cd with various FreeBSD
(own) utilities. Dont forget to load geom_eli module.
2- Partition the hard drive, and then, create geli slices (partitions).
3- Run sysinstall and address the geli partitions as install target.
Everything is isntalled into geli partition.
4- Once finished the work, copy kernel, kernel modules to ie; a usb
ram. In other words, prepare boot-only usb disk
5- Once everything is complete, boot from usb. It asks passphrase of
geli slice and mounts geli root as root
6- Remove usb ram.
The main thing missing from NetBSD to enable the same thing would
be to have cgd autoconfigure similar to how raidframe can.
Actually thas a nice piece of cgd functionality aside from
anything else we've discussed :)