Improve recently committed GDBE section.
* Capitalize section titles. * Use more descriptive DocBook tags. * Improve a few references. * Improve a few sentences. PR: docs/51598 Submitted by: bmah (mostly)
This commit is contained in:
Murray Stokely
parent
13a1a04980
commit
d0033cfa5d
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=16775
1 changed files with 17 additions and 15 deletions
|
|
@ -2801,7 +2801,7 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on
|
|||
touches the hard drive's platter.</para>
|
||||
|
||||
<sect2>
|
||||
<title>Enabling gbde in the kernel</title>
|
||||
<title>Enabling gbde in the Kernel</title>
|
||||
|
||||
<procedure>
|
||||
<step>
|
||||
|
|
@ -2829,10 +2829,10 @@ Password:</screen>
|
|||
<para>Using your favorite text editor, add the following
|
||||
line to your kernel configuration file:</para>
|
||||
|
||||
<para><filename>options GEOM_BDE</filename></para>
|
||||
<para><literal>options GEOM_BDE</literal></para>
|
||||
|
||||
<para>Configure and recompile the FreeBSD kernel. If you
|
||||
don't know how to create a custom kernel, see <xref
|
||||
<para>Configure, recompile, and install the FreeBSD kernel.
|
||||
This process is described in <xref
|
||||
linkend="kernelconfig">.</para>
|
||||
|
||||
<para>Reboot into the new kernel.</para>
|
||||
|
|
@ -2842,7 +2842,7 @@ Password:</screen>
|
|||
|
||||
|
||||
<sect2>
|
||||
<title>Preparing the encrypted hard drive</title>
|
||||
<title>Preparing the Encrypted Hard Drive</title>
|
||||
|
||||
<para>The following example assumes that you are adding a new hard
|
||||
drive to your system that will hold a single encrypted partition.
|
||||
|
|
@ -2922,7 +2922,7 @@ sector_size = 2048
|
|||
url="http://world.std.com/~reinhold/diceware.html">Diceware
|
||||
Passphrase</ulink> website.</para>
|
||||
|
||||
<para>The <command>gbde init</command> command created a lock
|
||||
<para>The <command>gbde init</command> command creates a lock
|
||||
file for your <application>gbde</application> partition that in
|
||||
this example has been stored as
|
||||
<filename>/etc/gbde/ad4s1c</filename>.</para>
|
||||
|
|
@ -2965,14 +2965,16 @@ sector_size = 2048
|
|||
system on the encrypted device, use &man.newfs.8;. Since it is
|
||||
much faster to initialize a new UFS2 file system than it is to
|
||||
initialize the old UFS file system, using &man.newfs.8; with
|
||||
the <command>-O2</command> option is recommended.</para>
|
||||
the <option>-O2</option> option is recommended.</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>newfs -U -O2 /dev/ad4s1c.bde</userinput></screen>
|
||||
|
||||
<note>
|
||||
<para>The newfs must be performed on an attached
|
||||
<application>gbde</application> partition which is identified
|
||||
by a *.bde extension to the device name.</para>
|
||||
<para>The &man.newfs.8; command must be performed on an
|
||||
attached <application>gbde</application> partition which
|
||||
is identified by a
|
||||
<filename><replaceable>*</replaceable>.bde</filename>
|
||||
extension to the device name.</para>
|
||||
</note>
|
||||
</step>
|
||||
|
||||
|
|
@ -3007,7 +3009,7 @@ Filesystem Size Used Avail Capacity Mounted on
|
|||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Mounting existing encrypted file systems</title>
|
||||
<title>Mounting Existing Encrypted File Systems</title>
|
||||
|
||||
<para>After each boot, any encrypted file systems must be
|
||||
re-attached to the kernel, checked for errors, and mounted, before
|
||||
|
|
@ -3047,7 +3049,7 @@ Filesystem Size Used Avail Capacity Mounted on
|
|||
</procedure>
|
||||
|
||||
<sect3>
|
||||
<title>Automatically mounting encrypted partitions</title>
|
||||
<title>Automatically Mounting Encrypted Partitions</title>
|
||||
|
||||
<para>It is possible to create a script to automatically attach,
|
||||
check, and mount an encrypted partition, but for security reasons
|
||||
|
|
@ -3057,7 +3059,7 @@ Filesystem Size Used Avail Capacity Mounted on
|
|||
</sect3>
|
||||
|
||||
<sect2>
|
||||
<title>Cryptographic protections employed by gbde</title>
|
||||
<title>Cryptographic Protections Employed by gbde</title>
|
||||
|
||||
<para>&man.gbde.8; encrypts the sector payload using 128-bit AES in
|
||||
CBC mode. Each sector on the disk is encrypted with a different
|
||||
|
|
@ -3067,11 +3069,11 @@ Filesystem Size Used Avail Capacity Mounted on
|
|||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Compatibility issues</title>
|
||||
<title>Compatibility Issues</title>
|
||||
|
||||
<para>&man.sysinstall.8; is incompatible with
|
||||
<application>gbde</application>-encrypted devices. All
|
||||
<devicename>*.bde</devicename> devices must be detached from the
|
||||
<devicename><replaceable>*</replaceable>.bde</devicename> devices must be detached from the
|
||||
kernel before starting &man.sysinstall.8; or it will crash during
|
||||
its initial probing for devices. To detach the encrypted device
|
||||
used in our example, use the following command:</para>
|
||||
|
|
|
|||
Loading…
Reference in a new issue