Pawel Jakub Dawidek wrote: > On Thu, Oct 25, 2007 at 12:46:53AM +0800, Daniel Marsh wrote: >> Even if all data on a drive is encrypted, the partition table is not. >> Software based disk encryption works on partitions. > > That's not true. One can configure full disk encryption using GELI. To > do it you need to have a small USB pen-drive or CD-ROM with /boot/ > directory, but that's all you need. Then you actually boot from your > unencrypted pen-drive, but mount all file systems from encrypted disk. > The pen-drive is not needed for your system to run and you can be easly > take it with you, which is not always the case for your laptop.
This is EXACTLY what I have now. Soon as the machine is booted, my thumb disk comes with me. The ONLY information on the thumb drive is /boot, a directory /keys and an /etc that has only an fstab (to mount the .eli partitions from the hard disk) and a loader.conf file to locate the keys. This was originally my objective and have got it in place. Now the machine is nearly upgraded to 7.0. Steve _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
