freebsd/virtual-disk-encryption
author Tomas Zeman <tzeman@volny.cz>
Sun, 25 Aug 2013 21:04:14 +0200
changeset 34 11d20ddca9d8
parent 5 b6a30994129b
permissions -rw-r--r--
scm/hg-git-rosetta-stone: simplified mapping between hg commands and git commands If you know how to use hg very well and just looking at how to do the same things in git, this page is right for you. Use it like a dictionary hg -> git.

http://forums.freebsd.org/showthread.php?t=20382

Create the backing image file, zero-filled, using 4 KiB blocks (the image size is count x 4 KiB; keep it a whole number of 4 KiB blocks so it matches the geli sector size chosen below)
% dd if=/dev/zero of=imageFile bs=4k count=<count of 4k blocks>
Create a file backed device
# mdconfig -a -t vnode -f imageFile -u 0
Now for the configuration of the geli(8) tool.

Fetch 64 bytes of random data for the key file. Together with the passphrase, this file is needed to unlock the master key, so keep it readable by root only (mode 0600) and store it outside the image.
# dd if=/dev/random of=/root/md0.key bs=64 count=1
Initialise the device with geli (you are asked for a passphrase here). -s 4096 sets the sector size of the encrypted provider to match the image's block size. geli init also writes a backup of the on-disk metadata to /var/backups/md0.eli, which the geli restore step further down relies on.
# geli init -s 4096 -K /root/md0.key /dev/md0
Attach the provider with the key file (the passphrase is asked for again)
# geli attach -k /root/md0.key /dev/md0
This creates a device called /dev/md0.eli, which is the one used in all
following commands; /dev/md0 itself now only ever sees ciphertext.

Create a new filesystem on the encrypted provider. Note that the zeros dd wrote into imageFile are plaintext; only what is written through /dev/md0.eli is encrypted, so if unused space should be indistinguishable from data, overwrite /dev/md0.eli with zeros once before running newfs.
# newfs /dev/md0.eli
Mount the disk
# mount /dev/md0.eli <mountpoint>
Now you can use the disk, do whatever you want with it.

To unmount the filesystem and detach the encrypted provider (the detach removes the key from kernel memory)
# umount <mountpoint>
# geli detach md0.eli
To restore from your metadata backup, for example if you accidentally
cleared the provider's metadata with geli clear (the key file and passphrase are still required afterwards).
# geli restore /var/backups/md0.eli /dev/md0
Detach the memory disk completely from the system
# mdconfig -d -u 0
That's about it; with these simple commands you can create, encrypt and
use a file-backed, encrypted memory disk.
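The whole procedure above, as one non-interactive script. This is an added example and not code from the original notes or from the forum thread; the script name geli-image.sh and the helper names (valid_unit, keyfile_ok, unit_of, teardown) are mine. It assumes FreeBSD with mdconfig(8), geli(8) and newfs(8) and has to run as root for everything except the pure helpers. Instead of probing /dev/md* for a free unit, it lets mdconfig choose one and reads the unit name mdconfig prints; it also refuses a key file that is not mode 0600 and releases the md unit again on every failure path.

```shell
#!/bin/sh
# geli-image.sh: create, open and close a geli-encrypted, file-backed memory disk.
# Added example, not code from the original notes or the forum thread. Assumes
# FreeBSD with mdconfig(8), geli(8) and newfs(8); everything but the helpers needs root.
#
#   geli-image.sh create IMAGE SIZE_MB KEYFILE      # image, key file, geli init, newfs
#   geli-image.sh open   IMAGE KEYFILE MOUNTPOINT   # mdconfig, geli attach, mount
#   geli-image.sh close  MOUNTPOINT                 # umount, geli detach, mdconfig -d
set -u

die() { echo "geli-image: $*" >&2; exit 1; }

# Accept only a bare md unit name such as "md0" or "md12". Rejecting paths and
# ".eli" suffixes keeps user input from escaping /dev/ or naming the wrong provider.
valid_unit() {
    case "$1" in
        md[0-9]|md[0-9][0-9]|md[0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# "/dev/md3.eli" -> "md3"
unit_of() { u=${1#/dev/}; echo "${u%.eli}"; }

# Number of 4096-byte blocks in SIZE_MB megabytes, for dd's count=.
blocks_4k() { echo $(( $1 * 256 )); }

# The key file is one of the two components protecting the master key, so it must
# be a regular file readable by its owner only (mode 0600). ls output is parsed
# because stat(1) flags differ between FreeBSD and other systems.
keyfile_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$perms" = "-rw-------" ]
}

# Release the md unit (and the geli provider, if attached) on any failure path.
teardown() {
    [ -e "/dev/$1.eli" ] && geli detach "$1.eli"
    mdconfig -d -u "${1#md}"
}

create() {
    image=$1 size_mb=$2 key=$3
    [ -e "$image" ] && die "$image already exists"
    dd if=/dev/zero of="$image" bs=4k count="$(blocks_4k "$size_mb")" || die "dd failed"
    umask 077                                   # key file is created 0600
    dd if=/dev/random of="$key" bs=64 count=1   || die "cannot write $key"
    keyfile_ok "$key"                           || die "$key is not mode 0600"
    # Without -u, mdconfig picks the first free unit and prints its name (e.g. md0).
    unit=$(mdconfig -a -t vnode -f "$image")    || die "mdconfig failed"
    valid_unit "$unit"                          || die "unexpected mdconfig output: $unit"
    # -s 4096 matches the image block size; the passphrase is asked on the terminal.
    # geli init also saves a metadata backup to /var/backups/$unit.eli for geli restore.
    geli init -s 4096 -K "$key" "/dev/$unit"    || { teardown "$unit"; die "geli init failed"; }
    geli attach -k "$key" "/dev/$unit"          || { teardown "$unit"; die "geli attach failed"; }
    newfs "/dev/$unit.eli" >/dev/null           || { teardown "$unit"; die "newfs failed"; }
    teardown "$unit"
    echo "created $image; open it with: $0 open $image $key MOUNTPOINT"
}

open_image() {
    image=$1 key=$2 mnt=$3
    keyfile_ok "$key" || die "$key is missing or not mode 0600"
    [ -d "$mnt" ]     || die "$mnt is not a directory"
    unit=$(mdconfig -a -t vnode -f "$image") || die "mdconfig failed"
    valid_unit "$unit"                       || die "unexpected mdconfig output: $unit"
    geli attach -k "$key" "/dev/$unit"       || { teardown "$unit"; die "geli attach failed"; }
    mount "/dev/$unit.eli" "$mnt"            || { teardown "$unit"; die "mount failed"; }
    echo "$image is /dev/$unit.eli, mounted at $mnt"
}

close_image() {
    mnt=$1
    # mount(8) prints "/dev/md0.eli on /mnt (ufs, local)"; field 3 is the mount point.
    eli=$(mount | awk -v m="$mnt" '$3 == m { print $1 }')
    unit=$(unit_of "$eli")
    case "$eli" in
        /dev/md*.eli) valid_unit "$unit" || die "bad unit $unit" ;;
        *)            die "no geli md provider mounted at $mnt" ;;
    esac
    umount "$mnt" || die "umount failed; not detaching $eli"
    teardown "$unit"
}

main() {
    case "$1" in
        create) [ $# -eq 4 ] || die "usage: $0 create IMAGE SIZE_MB KEYFILE";  create "$2" "$3" "$4" ;;
        open)   [ $# -eq 4 ] || die "usage: $0 open IMAGE KEYFILE MOUNTPOINT"; open_image "$2" "$3" "$4" ;;
        close)  [ $# -eq 2 ] || die "usage: $0 close MOUNTPOINT";              close_image "$2" ;;
        *)      die "usage: $0 create|open|close ..." ;;
    esac
}

# Only act when given a subcommand, so the helpers can be sourced or tested alone.
[ $# -eq 0 ] || main "$@"
```

create asks for the passphrase twice (once for geli init, once for the attach that precedes newfs); close looks the provider up from mount(8) output, so the caller only has to name the mount point and cannot detach the wrong unit by mistyping a minor number.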

Here are two really simple shell scripts that will take care of mounting
and unmounting the created memory disks:

mountImage.sh
Code:

#!/bin/sh
# Basic script to attach and mount a geli-encrypted memory disk image

mountImage()
{
	dev=$1
	dir=$2
	echo "mounting $dev at $dir"
	mount "$dev" "$dir"
}

echo "Give me the name of the image to mount"
read image

echo "Where to mount it?"
read mountDir

echo "Where is the geli key?"
read geliKey

baseDevice="/dev/md"
minorNumber=""

# pick the first minor number (0-10) whose device node does not exist yet
# (mdconfig -a without -u would choose a free unit by itself)
for n in 0 1 2 3 4 5 6 7 8 9 10
do
	device=$baseDevice$n
	if [ ! -e "$device" ]
	then
		minorNumber=$n
		echo "Found free device $device"
		break
	fi
done

if [ -z "$minorNumber" ]
then
	echo "No free md device among ${baseDevice}0-10" >&2
	exit 1
fi

echo "Using $device to mount $image"

if mdconfig -a -t vnode -f "$image" -u "$minorNumber"
then
	echo "Created $device from $image"
	# attach with the key file; the passphrase is asked for on the terminal
	if geli attach -k "$geliKey" "$device"
	then
		mountImage "$device.eli" "$mountDir"
	else
		# do not leave the md device allocated when the attach fails
		mdconfig -d -u "$minorNumber"
		exit 1
	fi
else
	exit 1
fi


and
umountImage.sh

Code:

#!/bin/sh
# Unmount, geli-detach and destroy a memory disk created by mountImage.sh

echo "What dir to unmount?"
read umountDir

echo "What device to detach with geli? (md0, md1, ...)"
read geliDevice

# accept only a bare md unit name; the minor number is the part after "md"
case "$geliDevice" in
	md[0-9]|md[0-9][0-9]) minor=${geliDevice#md} ;;
	*) echo "bad device name: $geliDevice" >&2; exit 1 ;;
esac

device="/dev/$geliDevice.eli"

# never detach while the filesystem is still mounted
if ! umount "$umountDir"
then
	echo "umount $umountDir failed, leaving $device attached" >&2
	exit 1
fi

if [ -e "$device" ]
then
	geli detach "$device"
	mdconfig -d -u "$minor"
fi