Lars Sommer, [email protected], 2010-01-27
Based on: http://www.freebsd.org/doc/handbook/disks-encrypting.html
I use hard drives in pairs, each pair in RAID1 with geom_mirror. After creating a mirror, I encrypt it using GELI.

Load the GELI module for now:

    kldload geom_eli

Insert into /boot/loader.conf:

    geom_eli_load="YES"

In this example my geom_mirror is called gm2 and resides in /dev/mirror/gm2.

Create the master key and attach it to the GELI provider. Then create a new filesystem on it, and finally mount it. The second dd fills the attached device with random data before the filesystem is created.

    dd if=/dev/random of=/root/gm2.key bs=64 count=1
    geli init -s 4096 -K /root/gm2.key /dev/mirror/gm2
    geli attach -k /root/gm2.key /dev/mirror/gm2
    dd if=/dev/random of=/dev/mirror/gm2.eli bs=1m
    newfs /dev/mirror/gm2.eli
    mount /dev/mirror/gm2.eli /data/2

Consider moving the master key to somewhere safer. I use a USB stick, but I am open to better suggestions.

Daily mounting:

    geli attach -k /root/gm2.key /dev/mirror/gm2
    mount /dev/mirror/gm2.eli /data/2

Daily unmounting:

    umount /data/2
    geli detach gm2.eli
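
A wrapper for the daily mounting steps that checks the key file first, as an added example that is not part of the original note. The names check_key and attach_and_mount and the "mount" argument are assumptions made here; the paths and the 64-byte key size come from the commands above.

```shell
#!/bin/sh
# Added example: verify the GELI key file, then attach and mount.
# Paths are the ones used in this note; function names are hypothetical.
KEY=/root/gm2.key
PROVIDER=/dev/mirror/gm2
MOUNTPOINT=/data/2

# check_key FILE: succeed only if FILE is a regular file (not a symlink)
# of exactly 64 bytes, as written by "dd bs=64 count=1", and carries no
# group/other permission bits. Returns 1, 2 or 3 to name the failure.
check_key() {
    key=$1
    if [ ! -f "$key" ] || [ -L "$key" ]; then
        echo "key: $key is not a regular file" >&2
        return 1
    fi
    size=$(wc -c < "$key" | tr -d '[:space:]')
    if [ "$size" -ne 64 ]; then
        echo "key: $key is $size bytes, expected 64" >&2
        return 2
    fi
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are group/other.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "key: $key is accessible to group/other (chmod 600)" >&2
        return 3
    fi
    return 0
}

# attach_and_mount: the daily mounting steps, run only if the key passes.
attach_and_mount() {
    check_key "$KEY" || return 1
    # Attach only if the .eli device is not already present.
    [ -e "$PROVIDER.eli" ] || geli attach -k "$KEY" "$PROVIDER" || return 1
    mount "$PROVIDER.eli" "$MOUNTPOINT"
}

# Touch the disks only when asked to, e.g. "sh gm2.sh mount".
if [ "${1:-}" = "mount" ]; then
    attach_and_mount
fi
```

If the key lives on a USB stick, point KEY at its mounted path; the same checks apply.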