- Various SGML fixes (use of correct tags);
- Avoid the capitalization of the geli command; - In disk encryption section, reword a sentence mentioning old removed swap encryption stuff; - Slight rewording of a title to match what we really talk about; - Punctuation fix where needed.
This commit is contained in:
Marc Fonvieille
parent
443c4cf6d8
commit
b25a3f90d9
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=30660
1 changed files with 15 additions and 18 deletions
|
|
@ -3748,8 +3748,8 @@ Filesystem Size Used Avail Capacity Mounted on
|
|||
provided. Arguments for this script can be passed via
|
||||
&man.rc.conf.5;, for example:</para>
|
||||
|
||||
<screen>gbde_autoattach_all="YES"
|
||||
gbde_devices="ad4s1c"</screen>
|
||||
<programlisting>gbde_autoattach_all="YES"
|
||||
gbde_devices="ad4s1c"</programlisting>
|
||||
|
||||
<para>This will require that the <application>gbde</application>
|
||||
passphrase be entered at boot time. After typing the correct
|
||||
|
|
@ -3805,7 +3805,7 @@ gbde_devices="ad4s1c"</screen>
|
|||
|
||||
<para>A new cryptographic GEOM class is available as of &os; 6.0 -
|
||||
<command>geli</command>. It is currently being developed by
|
||||
&a.pjd;. <command>Geli</command> is different to
|
||||
&a.pjd;. The <command>geli</command> utility is different to
|
||||
<command>gbde</command>; it offers different features and uses
|
||||
a different scheme for doing cryptographic work.</para>
|
||||
|
||||
|
|
@ -3851,9 +3851,7 @@ gbde_devices="ad4s1c"</screen>
|
|||
|
||||
<para>The next steps will describe how to enable support for
|
||||
<command>geli</command> in the &os; kernel and will explain how
|
||||
to create a new <command>geli</command> encryption provider. At
|
||||
the end it will be demonstrated how to create an encrypted swap
|
||||
partition using features provided by <command>geli</command>.</para>
|
||||
to create and use a <command>geli</command> encryption provider.</para>
|
||||
|
||||
<para>In order to use <command>geli</command>, you must be running
|
||||
&os; 6.0-RELEASE or later. Super-user privileges will be
|
||||
|
|
@ -3861,14 +3859,13 @@ gbde_devices="ad4s1c"</screen>
|
|||
|
||||
<procedure>
|
||||
<step>
|
||||
<title>Adding <command>geli</command> Support to the Kernel
|
||||
Configuration File</title>
|
||||
<title>Adding <command>geli</command> Support to the Kernel</title>
|
||||
|
||||
<para>Add the following lines to the kernel configuration
|
||||
file:</para>
|
||||
|
||||
<screen>options GEOM_ELI
|
||||
device crypto</screen>
|
||||
<programlisting>options GEOM_ELI
|
||||
device crypto</programlisting>
|
||||
|
||||
<para>Rebuild the kernel as described in <xref
|
||||
linkend="kernelconfig">.</para>
|
||||
|
|
@ -3877,7 +3874,7 @@ device crypto</screen>
|
|||
be loaded at boot time. Add the following line to the
|
||||
<filename>/boot/loader.conf</filename>:</para>
|
||||
|
||||
<para><literal>geom_eli_load="YES"</literal></para>
|
||||
<programlisting>geom_eli_load="YES"</programlisting>
|
||||
|
||||
<para>&man.geli.8; should now be supported by the kernel.</para>
|
||||
</step>
|
||||
|
|
@ -3943,7 +3940,7 @@ Enter passphrase:</screen>
|
|||
&prompt.root; <userinput>mount /dev/da2.eli /private</userinput></screen>
|
||||
|
||||
<para>The encrypted file system should be visible to &man.df.1;
|
||||
and be available for use now.</para>
|
||||
and be available for use now:</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>df -H</userinput>
|
||||
Filesystem Size Used Avail Capacity Mounted on
|
||||
|
|
@ -3981,8 +3978,8 @@ Filesystem Size Used Avail Capacity Mounted on
|
|||
An example of configuring <command>geli</command> through
|
||||
&man.rc.conf.5; follows:</para>
|
||||
|
||||
<screen>geli_devices="da2"
|
||||
geli_da2_flags="-p -k /root/da2.key"</screen>
|
||||
<programlisting>geli_devices="da2"
|
||||
geli_da2_flags="-p -k /root/da2.key"</programlisting>
|
||||
|
||||
<para>This will configure <filename>/dev/da2</filename> as a
|
||||
<command>geli</command> provider of which the Master Key file
|
||||
|
|
@ -4067,10 +4064,10 @@ geli_da2_flags="-p -k /root/da2.key"</screen>
|
|||
<literal>.bde</literal> suffix should be added to the device in the
|
||||
respective <filename>/etc/fstab</filename> swap line:</para>
|
||||
|
||||
<screen>
|
||||
<programlisting>
|
||||
# Device Mountpoint FStype Options Dump Pass#
|
||||
/dev/ad0s1b.bde none swap sw 0 0
|
||||
</screen>
|
||||
</programlisting>
|
||||
|
||||
<para>For systems prior to &os; 6.0-RELEASE, the following line
|
||||
in <filename>/etc/rc.conf</filename> is also needed:</para>
|
||||
|
|
@ -4086,10 +4083,10 @@ geli_da2_flags="-p -k /root/da2.key"</screen>
|
|||
<literal>.eli</literal> suffix should be added to the device in the
|
||||
respective <filename>/etc/fstab</filename> swap line:</para>
|
||||
|
||||
<screen>
|
||||
<programlisting>
|
||||
# Device Mountpoint FStype Options Dump Pass#
|
||||
/dev/ad0s1b.eli none swap sw 0 0
|
||||
</screen>
|
||||
</programlisting>
|
||||
|
||||
<para>&man.geli.8; uses the <acronym>AES</acronym> algorithm with
|
||||
a key length of 256 bit by default.</para>
|
||||
|
|
|
|||
Loading…
Reference in a new issue