| x404.co.uk http://www.x404.co.uk/forum/ |
|
| HOWTO: GEOM Encrypted File System http://www.x404.co.uk/forum/viewtopic.php?f=4&t=515 |
Page 1 of 1 |
| Author: | forquare1 [ Tue May 12, 2009 10:35 pm ] |
| Post subject: | HOWTO: GEOM Encrypted File System |
Author: attenboroughp First of all, this article is taken directly from http://lizard.org.uk/weblog/ The only reason i'm posting it is because this website appears to have been down for some time. I am posting this in the hope that anyone else who needs the guide, and finds that the lizard website is still down, will stumble upon this post. I just thought this guide was too useful 'to let the internet take it". Here it is: ____________________________________________________________ A GEOM Encrypting filesystem An itch. Could I create a file on my disk, mount it as a standard UFS filesystem, but have it encrypted. A bit of Googling, and peek at the odd man page and the answer is yes. As ever after the fact it proved to be relatively simple: Initial mount First I create a 1GB empty file, then configure and enable the md device: truncate -s1G /export/encstore.dat mdconfig -a -t vnode -f /export/encstore.dat The mdconfig command allocates a unit number to the new device and prints the name of the allocated unit to stdout. In my case this is md0. So now I can initialize and attach this device: gbde init /dev/md0 -L /etc/md0.lock -P f00b4r gbde attach /dev/md0 -l /etc/md0.lock -p f00b4r If I'd failed to specify a pass-phrase I would have been prompted for it. The encrypted device has the suffix .bde, so to create and mount a filesystem it's a simple case of: newfs /dev/md0.bde mkdir /encstore mount /dev/md0.bde /encstore/ Umount and Detatch umount /dev/md0.bde gbde detach /dev/md0 mdconfig -d -u 0 Attach and mount mdconfig -a -t vnode -f /export/encstore.dat gbde attach /dev/md0 -l /etc/md0.lock mount /dev/md0.bde /encstore/ ____________________________________________________________ Additional notes by me: I've tested this on FreeBSD 6.0 RELEASE and it works exactly as it says on the tin. However, if you did a minimal installation of FreeBSD you may find that you are missing components of the system which are necessary to perform the encryption (i.e. GEOM). You will need to install some additional distribution sets to overcome this. I haven't pinned this down to a particular distribution set - sorry! Alternatively you could select something like the canned distribution set "Developer" during a new installation. |
|
| Page 1 of 1 | All times are UTC |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|