From 520477c06f3ee3414a10af7cbea40a07f6c025cf Mon Sep 17 00:00:00 2001 From: Allan Jude Date: Sat, 11 Jul 2020 16:18:22 +0000 Subject: [PATCH] Update the GELI handbook to be more accurate The description of the key file incorrectly identified it as the master key PR: 208578 Submitted by: Wout Decre (original version) Reviewed by: bcr, oshogbo Sponsored by: Klara Inc. Event: July 2020 Bugathon Differential Revision: https://reviews.freebsd.org/D15866 --- .../books/handbook/disks/chapter.xml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/en_US.ISO8859-1/books/handbook/disks/chapter.xml b/en_US.ISO8859-1/books/handbook/disks/chapter.xml index ca5c4c3826..cbb2551daa 100644 --- a/en_US.ISO8859-1/books/handbook/disks/chapter.xml +++ b/en_US.ISO8859-1/books/handbook/disks/chapter.xml @@ -2823,15 +2823,20 @@ device crypto Generate the Master Key - The following commands generate a master key - (/root/da2.key) that is protected - with a passphrase. The data source for the key file is - /dev/random and the sector size of - the provider (/dev/da2.eli) is 4kB as - a bigger sector size provides better performance: + The following commands generate a master key that all + data will be encrypted with. This key can never be changed. + Rather than using it directly, it is encrypted with one + or more user keys. The user keys are made up of an + optional combination of random bytes from a file, + /root/da2.key, and/or a passphrase. + In this case, the data source for the key file is + /dev/random. This command also + configures the sector size of the provider + (/dev/da2.eli) as 4kB, for better + performance: &prompt.root; dd if=/dev/random of=/root/da2.key bs=64 count=1 -&prompt.root; geli init -s 4096 -K /root/da2.key /dev/da2 +&prompt.root; geli init -K /root/da2.key -s 4096 /dev/da2 Enter new passphrase: Reenter new passphrase:
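Review bot: The rewritten paragraph still opens with "The following commands generate a master key" and never says which of the two commands below it does what. The dd line only writes the key file /root/da2.key from /dev/random, while the geli init line is the one that takes that file with -K and prompts for the passphrase. Because the commit message says the goal is to stop the key file being identified as the master key, name the step that produces each one, and reconsider the unchanged "Generate the Master Key" title that sits above both commands. The wording "an optional combination of random bytes from a file, /root/da2.key, and/or a passphrase" is hard to parse; "a key file, a passphrase, or both" would state the same thing more clearly. The reordering of -K and -s on the geli init line is not mentioned in the commit message, so a short note on whether it is cosmetic would help later readers of the history.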