diff -r fc8ef67f3710 -r b6a30994129b freebsd/virtual-disk-encryption
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/freebsd/virtual-disk-encryption Mon May 23 09:46:22 2011 +0200
@@ -0,0 +1,117 @@
+http://forums.freebsd.org/showthread.php?t=20382
+
+Create a virtual disk with a blocksize of 4096
+% dd if=/dev/zero of=imageFile bs=4k count=
+Create a file backed device
+# mdconfig -a -t vnode -f imageFile -u 0
+Now for the configuration of the geli(1) tool.
+
+Fetch some random data to encrypt the master key with
+# dd if=/dev/random of=/root/md0.key bs=64 count=1
+Init the device with geli (question for passphrase here)
+# geli init -s 4096 -K /root/md0.key /dev/md0
+attach geli with the key to the newly created device
+# geli attach -k /root/md0.key /dev/md0
+This will create a device called /dev/md0.eli which is used in all
+future commands.
+
+Create a new filesystem on the virtual disk
+# newfs /dev/md0.eli
+Mount the disk
+# mount /dev/md0.eli
+Now you can use the disk, do whatever you want with it.
+
+To securely unmount the device
+# umount
+# geli detach md0.eli
+To restore from your metadata backups, for example if you accidentially
+cleared the device with geli(1).
+# geli restore /var/backups/md0.eli /dev/md0
+Detach the memory disk completely from the system
+# mdconfig -d -u 0
+That's about it, with these simple commands you can create, encrypt and
+use a virtual memory disk.
+
+Here are two really simple shell scripts that will take care of mounting
+and unmounting the created memory disks:
+
+mountImage.sh
+Code:
+
+#!/bin/sh
+# Basic script to mount memory disks
+
+mountImage()
+{
+ dev=$1
+ dir=$2
+ echo "mounting $dev at $dir"
+ mount $dev $dir
+}
+
+echo "Give me the name of the image to mount"
+read image
+
+echo "Where to mount it?"
+read mountDir
+
+echo "Where is the geli key?"
+read geliKey
+
+baseDevice="/dev/md"
+
+# get the first free minor number to mount it to
+for minorNumber in 0 1 2 3 4 5 6 7 8 9 10
+do
+ device=$baseDevice$minorNumber
+ if [ -e $device ]
+ then
+ else
+ echo "Found free device $device"
+ break
+ fi
+done
+
+echo "Using $device to mount $image"
+
+mdconfig -a -t vnode -f $image -u $minorNumber
+
+exitStatus=$?
+if [ $exitStatus -eq 0 ]
+then
+ echo "Created $device from $image"
+ geli attach -k $geliKey $device
+ if [ $? -eq 0 ]
+ then
+ mountImage $device".eli" $mountDir
+ fi
+fi
+
+
+and
+umountImage.sh
+
+Code:
+
+#!/bin/sh
+
+echo "What dir to unmount?"
+read umountDir
+
+echo "What device to detach with geli? (md0, md1, ...)"
+read geliDevice
+
+echo "Whats its minornumber? (0, 1, ...)"
+read minor
+
+umount $umountDir
+
+device="/dev/"$geliDevice".eli"
+
+if [ -e $device ]
+then
+ geli detach $device
+ mdconfig -d -u $minor
+fi
+
+
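Review bot: In mountImage.sh the free-device loop has an `if [ -e $device ]` whose `then` branch is empty before `else`, which POSIX sh rejects as a syntax error, so the script cannot run as written; invert the test to `if [ ! -e "$device" ]` and drop the `else`. The loop also has no "none free" check: if md0 through md10 all exist it falls through with minorNumber=10 and relies on mdconfig failing. The values read from the user (`$image`, `$geliKey`, `$mountDir`, `$umountDir`) are expanded unquoted in both scripts, so a path with spaces or glob characters is split; quote them, e.g. `geli attach -k "$geliKey" "$device"`. When `geli attach` fails, the md device created just before stays configured, so that failure path should run `mdconfig -d -u "$minorNumber"` to clean it up. In the walkthrough, `/root/md0.key` is written by dd with whatever umask is in effect, so running `umask 077` first (or `chmod 600 /root/md0.key` afterwards) keeps the key file readable by root only.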