freebsd/virtual-disk-encryption howto
authorTomas Zeman <tzeman@volny.cz>
Mon, 23 May 2011 09:46:22 +0200
changeset 5 b6a30994129b
parent 4 fc8ef67f3710
child 6 f712e7140d1c
freebsd/virtual-disk-encryption howto
freebsd/virtual-disk-encryption
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/freebsd/virtual-disk-encryption	Mon May 23 09:46:22 2011 +0200
@@ -0,0 +1,117 @@
+http://forums.freebsd.org/showthread.php?t=20382
+
+Create a virtual disk with a blocksize of 4096
+% dd if=/dev/zero of=imageFile bs=4k count=<count of 4k blocks>
+Create a file backed device
+# mdconfig -a -t vnode -f imageFile -u 0
+Now for the configuration of the geli(1) tool.
+
+Fetch some random data to encrypt the master key with
+# dd if=/dev/random of=/root/md0.key bs=64 count=1
+Init the device with geli (question for passphrase here)
+# geli init -s 4096 -K /root/md0.key /dev/md0
+attach geli with the key to the newly created device
+# geli attach -k /root/md0.key /dev/md0
+This will create a device called /dev/md0.eli which is used in all
+future commands.
+
+Create a new filesystem on the virtual disk
+# newfs /dev/md0.eli
+Mount the disk
+# mount /dev/md0.eli <mountpoint>
+Now you can use the disk, do whatever you want with it.
+
+To securely unmount the device
+# umount <mountpoint>
+# geli detach md0.eli
+To restore from your metadata backups, for example if you accidentially
+cleared the device with geli(1).
+# geli restore /var/backups/md0.eli /dev/md0
+Detach the memory disk completely from the system
+# mdconfig -d -u 0
+That's about it, with these simple commands you can create, encrypt and
+use a virtual memory disk.
+
+Here are two really simple shell scripts that will take care of mounting
+and unmounting the created memory disks:
+
+mountImage.sh
+Code:
+
+#!/bin/sh
+# Basic script to mount memory disks
+
+mountImage()
+{
+	dev=$1
+	dir=$2
+	echo "mounting $dev at $dir"
+	mount $dev $dir
+}
+
+echo "Give me the name of the image to mount"
+read image
+
+echo "Where to mount it?"
+read mountDir
+
+echo "Where is the geli key?"
+read geliKey
+
+baseDevice="/dev/md"
+
+# get the first free minor number to mount it to
+for minorNumber in 0 1 2 3 4 5 6 7 8 9 10
+do
+	device=$baseDevice$minorNumber
+	if [ -e $device ]
+	then
+	else
+		echo "Found free device $device"
+		break
+	fi
+done
+
+echo "Using $device to mount $image"
+
+mdconfig -a -t vnode -f $image -u $minorNumber
+
+exitStatus=$?
+if [ $exitStatus -eq 0 ]
+then
+	echo "Created $device from $image"
+	geli attach -k $geliKey $device
+	if [ $? -eq 0 ]
+	then
+		mountImage $device".eli" $mountDir
+	fi
+fi
+
+
+and
+umountImage.sh
+
+Code:
+
+#!/bin/sh
+
+echo "What dir to unmount?"
+read umountDir
+
+echo "What device to detach with geli? (md0, md1, ...)"
+read geliDevice
+
+echo "Whats its minornumber? (0, 1, ...)"
+read minor
+
+umount $umountDir
+
+device="/dev/"$geliDevice".eli"
+
+if [ -e $device ]
+then
+	geli detach $device
+	mdconfig -d -u $minor
+fi
+
+
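Review bot: The free-unit loop in mountImage.sh (`if [ -e $device ] then else ...`) has an empty `then` branch, which is a syntax error in /bin/sh, so the script as posted will not run at all; invert the test instead: `if [ ! -e "$device" ]; then echo "Found free device $device"; break; fi`. The same loop falls through silently when md0 through md10 are all in use, leaving `device` set to /dev/md10 and letting `mdconfig -a ... -u 10` run against a busy unit, so a guard after the loop such as `[ -e "$device" ] && { echo "no free md unit" >&2; exit 1; }` is needed before mdconfig is called. Every expansion in both scripts (`$image`, `$geliKey`, `$device`, `$umountDir`, `$minor`) is unquoted and each `read` lacks `-r`, so a path containing spaces or a backslash is split or mangled before it reaches mount, geli or mdconfig; umountImage.sh additionally goes on to `geli detach` and `mdconfig -d` even when the preceding `umount` failed, which should be `umount "$umountDir" || exit 1`. In the howto text, `dd if=/dev/random of=/root/md0.key` creates the key file under whatever umask the caller has, so the instructions should precede it with `umask 077` (or follow it with `chmod 600 /root/md0.key`) so the file that wraps the geli master key is readable by root only.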