Add a note (step) showing that you can load gdbe using kldload(8);
at this time there is no loader.conf variable in defaults/loader.conf in 6, note that. Remove some old cruft and reword near sentence to keep flow going smoothly. Two spaces between the end of a sentence and the beginning of a new sentence. PR: 86733 Submitted by: Josh Paetzel (patch rewritten by me)
This commit is contained in:
Tom Rhodes
parent
ae5db97cff
commit
8a2c586e32
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=29003
1 changed files with 16 additions and 5 deletions
|
|
@ -1145,6 +1145,17 @@ scsibus1:
|
|||
|
||||
<screen>&prompt.root; <userinput>burncd -f <replaceable>/dev/acd0</replaceable> audio track1.cdr track2.cdr <replaceable>...</replaceable> fixate</userinput></screen>
|
||||
</step>
|
||||
|
||||
<step>
|
||||
<para>An alternative to recompiling the kernel is to use
|
||||
<command>kldload</command> to load &man.gbde.4;:</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>kldload geom_bde</userinput></screen>
|
||||
|
||||
<para>At this time there is no option in
|
||||
<filename>/boot/loader.conf</filename>
|
||||
to load the kernel module at boot time.</para>
|
||||
</step>
|
||||
</procedure>
|
||||
</sect2>
|
||||
|
||||
|
|
@ -3414,7 +3425,7 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on
|
|||
unauthorized data access. File permissions and Mandatory
|
||||
Access Control (MAC) (see <xref linkend="mac">) help prevent
|
||||
unauthorized third-parties from accessing data while the operating
|
||||
system is active and the computer is powered up. However,
|
||||
system is active and the computer is powered up. However,
|
||||
the permissions enforced by the operating system are irrelevant if an
|
||||
attacker has physical access to a computer and can simply move
|
||||
the computer's hard drive to another system to copy and analyze
|
||||
|
|
@ -3428,7 +3439,7 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on
|
|||
highly-motivated attackers with significant resources. Unlike
|
||||
cumbersome encryption methods that encrypt only individual files,
|
||||
<command>gbde</command> and <command>geli</command> transparently
|
||||
encrypt entire file systems. No cleartext ever touches the hard
|
||||
encrypt entire file systems. No cleartext ever touches the hard
|
||||
drive's platter.</para>
|
||||
|
||||
<sect2>
|
||||
|
|
@ -3478,7 +3489,7 @@ Password:</screen>
|
|||
<para>Install the new drive to the system as explained in <xref
|
||||
linkend="disks-adding">. For the purposes of this example,
|
||||
a new hard drive partition has been added as
|
||||
<filename>/dev/ad4s1c</filename>. The
|
||||
<filename>/dev/ad4s1c</filename>. The
|
||||
<filename>/dev/ad0s1<replaceable>*</replaceable></filename>
|
||||
devices represent existing standard FreeBSD partitions on
|
||||
the example system.</para>
|
||||
|
|
@ -3670,11 +3681,11 @@ Filesystem Size Used Avail Capacity Mounted on
|
|||
|
||||
<para>It is possible to create a script to automatically attach,
|
||||
check, and mount an encrypted partition, but for security reasons
|
||||
the script should not contain the &man.gbde.8; password. Instead,
|
||||
the script should not contain the &man.gbde.8; password. Instead,
|
||||
it is recommended that such scripts be run manually while
|
||||
providing the password via the console or &man.ssh.1;.</para>
|
||||
|
||||
<para>As of &os; 5.2-RELEASE, there is a new <filename>rc.d</filename> script
|
||||
<para>As an alternative, an <filename>rc.d</filename> script is
|
||||
provided. Arguments for this script can be passed via
|
||||
&man.rc.conf.5;, for example:</para>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue