|
1 http://forums.freebsd.org/showthread.php?t=20382 |
|
2 |
|
3 Create a virtual disk with a blocksize of 4096 |
|
4 % dd if=/dev/zero of=imageFile bs=4k count=<count of 4k blocks> |
|
5 Create a file backed device |
|
6 # mdconfig -a -t vnode -f imageFile -u 0 |
|
7 Now for the configuration of the geli(1) tool. |
|
8 |
|
9 Fetch some random data to encrypt the master key with (keep this key file readable by root only and back it up; without it the disk cannot be attached) |
|
10 # dd if=/dev/random of=/root/md0.key bs=64 count=1 |
|
11 Init the device with geli (it prompts for a passphrase here) |
|
12 # geli init -s 4096 -K /root/md0.key /dev/md0 |
|
13 Attach the newly created device with geli, using the key |
|
14 # geli attach -k /root/md0.key /dev/md0 |
|
15 This will create a device called /dev/md0.eli which is used in all |
|
16 future commands. |
|
17 |
|
18 Create a new filesystem on the virtual disk |
|
19 # newfs /dev/md0.eli |
|
20 Mount the disk |
|
21 # mount /dev/md0.eli <mountpoint> |
|
22 Now you can use the disk, do whatever you want with it. |
|
23 |
|
24 To securely unmount the device |
|
25 # umount <mountpoint> |
|
26 # geli detach md0.eli |
|
27 To restore from your metadata backups, for example if you accidentally |
|
28 cleared the device with geli(1). |
|
29 # geli restore /var/backups/md0.eli /dev/md0 |
|
30 Detach the memory disk completely from the system |
|
31 # mdconfig -d -u 0 |
|
32 That's about it, with these simple commands you can create, encrypt and |
|
33 use a virtual memory disk. |
|
34 |
|
35 Here are two really simple shell scripts that will take care of mounting |
|
36 and unmounting the created memory disks: |
|
37 |
|
38 mountImage.sh |
|
39 Code: |
|
40 |
|
41 #!/bin/sh |
|
42 # Basic script to mount memory disks |
|
43 |
|
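# Mount a device node on a directory and report what is being done.
# Arguments: $1 - device node to mount (the caller passes the .eli provider)
#            $2 - directory to mount it on
# Outputs:   one progress line on stdout
# Returns:   the exit status of mount(8)
mountImage()
{
    dev=$1
    dir=$2
    echo "mounting $dev at $dir"
    # Both values come from interactive input and the script runs as root:
    # quote them so whitespace or glob characters cannot split or expand into
    # extra arguments, and end option parsing so a name starting with "-" is
    # treated as a path.
    mount -- "$dev" "$dir"
}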
|
51 |
|
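# Ask for the image file, the mount point and the geli key file, attach the
# image as a memory disk, attach geli on top of it and mount the result.
# Exits non-zero as soon as a step fails and undoes the steps already done, so
# a failed run does not leave a half-configured device behind.

echo "Give me the name of the image to mount"
read -r image

echo "Where to mount it?"
read -r mountDir

echo "Where is the geli key?"
read -r geliKey

# Reject bad answers before any device is created.
if [ ! -f "$image" ]
then
    echo "Image file '$image' not found" >&2
    exit 1
fi
if [ ! -d "$mountDir" ]
then
    echo "Mount point '$mountDir' is not a directory" >&2
    exit 1
fi
if [ ! -r "$geliKey" ]
then
    echo "Key file '$geliKey' is not readable" >&2
    exit 1
fi

baseDevice="/dev/md"

# get the first free minor number to mount it to
# (the original had an empty "then" branch, which sh rejects as a syntax
# error, and silently fell through to md10 when every unit was taken)
device=""
for minorNumber in 0 1 2 3 4 5 6 7 8 9 10
do
    candidate=$baseDevice$minorNumber
    if [ ! -e "$candidate" ]
    then
        echo "Found free device $candidate"
        device=$candidate
        break
    fi
done

if [ -z "$device" ]
then
    echo "No free memory disk unit between 0 and 10" >&2
    exit 1
fi

echo "Using $device to mount $image"

# NOTE(review): the unit can be claimed by another process between the
# existence check above and this call; mdconfig is then expected to fail and
# the script stops here - confirm on the target release.
if ! mdconfig -a -t vnode -f "$image" -u "$minorNumber"
then
    echo "mdconfig could not create $device" >&2
    exit 1
fi
echo "Created $device from $image"

if ! geli attach -k "$geliKey" "$device"
then
    # Wrong passphrase or key file: remove the memory disk again instead of
    # leaving the image attached.
    mdconfig -d -u "$minorNumber"
    exit 1
fi

if ! mountImage "$device.eli" "$mountDir"
then
    # Do not leave the decrypted provider attached when it could not be mounted.
    geli detach "$device.eli"
    mdconfig -d -u "$minorNumber"
    exit 1
fi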
|
89 |
|
90 |
|
91 and |
|
92 umountImage.sh |
|
93 |
|
94 Code: |
|
95 |
|
96 #!/bin/sh |
|
97 |
|
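# Ask for the mount point, the md device name and its unit number, then
# unmount the filesystem, detach the geli provider and destroy the memory disk.

echo "What dir to unmount?"
read -r umountDir

echo "What device to detach with geli? (md0, md1, ...)"
read -r geliDevice

echo "Whats its minornumber? (0, 1, ...)"
read -r minor

# The answers become arguments to commands run as root. Accept only
# "md<digits>" as the device name, and require the unit number to match it, so
# a typo cannot tear down a different memory disk than the one being detached.
unit=${geliDevice#md}
case $unit in
    "" | *[!0-9]*)
        echo "Device must look like md0, md1, ..." >&2
        exit 1
        ;;
esac
if [ "md$unit" != "$geliDevice" ]
then
    echo "Device must look like md0, md1, ..." >&2
    exit 1
fi
if [ "$minor" != "$unit" ]
then
    echo "Minor number '$minor' does not belong to $geliDevice" >&2
    exit 1
fi

# A failed umount is reported but not fatal, so the script can still clean up
# after a filesystem that was already unmounted by hand. geli detach is called
# without -f and is expected to refuse a provider that is still in use.
if ! umount -- "$umountDir"
then
    echo "umount of '$umountDir' failed, trying to detach anyway" >&2
fi

device="/dev/$geliDevice.eli"

if [ -e "$device" ]
then
    if ! geli detach "$device"
    then
        echo "geli detach of $device failed, leaving $geliDevice configured" >&2
        exit 1
    fi
    mdconfig -d -u "$minor"
fi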
|
116 |
|
117 |