On 11/04/2012 00:06, Robert Simmons wrote:
> On Tue, Apr 10, 2012 at 6:25 PM, Fa bio <fa-h-2...@hotmail.com> wrote:
>> Hello!
>>
>> The idea is: you can run the system but you cannot access the sources
>> inside it, which is very interesting when you work with PHP, for example.
>>
>> So, when the machine is off nobody can read data from it because it is encrypted.
>>
>> When you turn the machine on it automatically enters a passphrase or key
>> which are hidden somewhere that we cannot detect! Amazing!
>>
>> My guess is that the keys/passphrase are compiled inside the kernel, so
>> it's quite impossible to access it, but at the same time you can use the
>> system!
>>
>> I used the system without internet access and it mounted the partition
>> ok! That's why I think that the "magic" is in the kernel!
>>
>> Any ideas how it's done?
> There are two options:
>
> 1) The key is in a file on the CD.
>
> 2) It is using geli onetime.
>
> The first choice above is stupid. Every copy of the software is
> therefore using the same key. If you want to have a key that you
> don't enter a passphrase for at boot: create the geli provider
> yourself, and have the key on a removable device. When the machine is
> booting, the device is available. When it is done, you remove your
> device with the key and store it somewhere safe. You can use a USB
> drive or a CD for this.
>
> The second choice above is more likely. The cache software that the
> OP mentioned would most likely be best served using geli onetime,
> which makes sense. If you want to read about geli onetime check the
> man page:
> http://www.freebsd.org/cgi/man.cgi?query=geli

From a quick look in the mfsroot this looks likely

(08:57:31 </mnt/stand/etc/defaults>) 0 root@fbsd2 # grep geli /mnt/stand/etc/defaults/rc.conf
geli_devices=""
geli_tries=""
geli_default_flags=""
geli_autodetach="YES"
geli_swap_flags="-e aes -l 256 -s 4096 -d"

Running sysinstall in the /stand dir on the mfsroot gives what I assume
is the installer (it was in Portuguese so not certain.) I didn't look
further.

(to the OP, I just mounted the ISO using mdconfig, gunzipped the
mfsroot.gz in the boot dir then mounted that mfsroot using mdconfig again.)

Vince

> _______________________________________________
> freebsd-geom@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-geom
> To unsubscribe, send any mail to "freebsd-geom-unsubscr...@freebsd.org"
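
The rc.conf check from the message above, taken one step further as an added example (not code from the thread or from FreeBSD): a POSIX sh function that reads geli_devices and the per-provider geli_<name>_flags from an extracted rc.conf and flags any provider attached with "-p -k file", the key-file-without-passphrase case described as option 1. The sample file, device names and key path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit geli boot settings in an rc.conf
# extracted from install media. Flags providers attached with a key file and
# no passphrase ("-p -k file"), the "key is in a file on the CD" case.

# Print the value of the last NAME="value" assignment in FILE, without eval.
get_var() {
    sed -n "s/^$2=\"\([^\"]*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

audit_geli_rc() {
    rc=$1
    devices=$(get_var "$rc" geli_devices)
    if [ -z "$devices" ]; then
        echo "none: geli_devices is empty"
        return 0
    fi
    for dev in $devices; do
        # rc.d/geli maps '/' and '-' in the provider name to '_'.
        name=$(printf '%s' "$dev" | tr '/-' '__')
        flags=$(get_var "$rc" "geli_${name}_flags")
        [ -n "$flags" ] || flags=$(get_var "$rc" geli_default_flags)
        nopass=no keyfile=
        set -- $flags   # word-split the flags; combined forms like -pk are not handled
        while [ $# -gt 0 ]; do
            case $1 in
                -p) nopass=yes ;;
                -k) keyfile=${2:-}; if [ $# -gt 1 ]; then shift; fi ;;
            esac
            shift
        done
        case "$nopass:$keyfile" in
            yes:?*) echo "$dev: KEYFILE-ONLY $keyfile" ;;
            yes:)   echo "$dev: -p without -k, no key material" ;;
            *)      echo "$dev: passphrase prompt${keyfile:+ plus $keyfile}" ;;
        esac
    done
}

# Constructed sample; device names and key path are hypothetical.
sample=$(mktemp)
cat > "$sample" <<'EOF'
geli_devices="da1 da2"
geli_da1_flags="-p -k /boot/keys/da1.key"
geli_default_flags=""
geli_swap_flags="-e aes -l 256 -s 4096 -d"
EOF
audit_geli_rc "$sample"
rm -f "$sample"
```

A KEYFILE-ONLY line means anyone who can read that path on the media can attach the provider, so every shipped copy shares the same key.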