Improve recently committed GDBE section.
* Capitalize section titles. * Use more descriptive DocBook tags. * Improve a few references. * Improve a few sentences. PR: docs/51598 Submitted by: bmah (mostly)
This commit is contained in:
Murray Stokely
parent
13a1a04980
commit
d0033cfa5d
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=16775
1 changed files with 17 additions and 15 deletions
|
|
@ -2801,7 +2801,7 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on
|
||||||
touches the hard drive's platter.</para>
|
touches the hard drive's platter.</para>
|
||||||
|
|
||||||
<sect2>
|
<sect2>
|
||||||
<title>Enabling gbde in the kernel</title>
|
<title>Enabling gbde in the Kernel</title>
|
||||||
|
|
||||||
<procedure>
|
<procedure>
|
||||||
<step>
|
<step>
|
||||||
|
|
@ -2829,10 +2829,10 @@ Password:</screen>
|
||||||
<para>Using your favorite text editor, add the following
|
<para>Using your favorite text editor, add the following
|
||||||
line to your kernel configuration file:</para>
|
line to your kernel configuration file:</para>
|
||||||
|
|
||||||
<para><filename>options GEOM_BDE</filename></para>
|
<para><literal>options GEOM_BDE</literal></para>
|
||||||
|
|
||||||
<para>Configure and recompile the FreeBSD kernel. If you
|
<para>Configure, recompile, and install the FreeBSD kernel.
|
||||||
don't know how to create a custom kernel, see <xref
|
This process is described in <xref
|
||||||
linkend="kernelconfig">.</para>
|
linkend="kernelconfig">.</para>
|
||||||
|
|
||||||
<para>Reboot into the new kernel.</para>
|
<para>Reboot into the new kernel.</para>
|
||||||
|
|
@ -2842,7 +2842,7 @@ Password:</screen>
|
||||||
|
|
||||||
|
|
||||||
<sect2>
|
<sect2>
|
||||||
<title>Preparing the encrypted hard drive</title>
|
<title>Preparing the Encrypted Hard Drive</title>
|
||||||
|
|
||||||
<para>The following example assumes that you are adding a new hard
|
<para>The following example assumes that you are adding a new hard
|
||||||
drive to your system that will hold a single encrypted partition.
|
drive to your system that will hold a single encrypted partition.
|
||||||
|
|
@ -2922,7 +2922,7 @@ sector_size = 2048
|
||||||
url="http://world.std.com/~reinhold/diceware.html">Diceware
|
url="http://world.std.com/~reinhold/diceware.html">Diceware
|
||||||
Passphrase</ulink> website.</para>
|
Passphrase</ulink> website.</para>
|
||||||
|
|
||||||
<para>The <command>gbde init</command> command created a lock
|
<para>The <command>gbde init</command> command creates a lock
|
||||||
file for your <application>gbde</application> partition that in
|
file for your <application>gbde</application> partition that in
|
||||||
this example has been stored as
|
this example has been stored as
|
||||||
<filename>/etc/gbde/ad4s1c</filename>.</para>
|
<filename>/etc/gbde/ad4s1c</filename>.</para>
|
||||||
|
|
@ -2965,14 +2965,16 @@ sector_size = 2048
|
||||||
system on the encrypted device, use &man.newfs.8;. Since it is
|
system on the encrypted device, use &man.newfs.8;. Since it is
|
||||||
much faster to initialize a new UFS2 file system than it is to
|
much faster to initialize a new UFS2 file system than it is to
|
||||||
initialize the old UFS file system, using &man.newfs.8; with
|
initialize the old UFS file system, using &man.newfs.8; with
|
||||||
the <command>-O2</command> option is recommended.</para>
|
the <option>-O2</option> option is recommended.</para>
|
||||||
|
|
||||||
<screen>&prompt.root; <userinput>newfs -U -O2 /dev/ad4s1c.bde</userinput></screen>
|
<screen>&prompt.root; <userinput>newfs -U -O2 /dev/ad4s1c.bde</userinput></screen>
|
||||||
|
|
||||||
<note>
|
<note>
|
||||||
<para>The newfs must be performed on an attached
|
<para>The &man.newfs.8; command must be performed on an
|
||||||
<application>gbde</application> partition which is identified
|
attached <application>gbde</application> partition which
|
||||||
by a *.bde extension to the device name.</para>
|
is identified by a
|
||||||
|
<filename><replaceable>*</replaceable>.bde</filename>
|
||||||
|
extension to the device name.</para>
|
||||||
</note>
|
</note>
|
||||||
</step>
|
</step>
|
||||||
|
|
||||||
|
|
@ -3007,7 +3009,7 @@ Filesystem Size Used Avail Capacity Mounted on
|
||||||
</sect2>
|
</sect2>
|
||||||
|
|
||||||
<sect2>
|
<sect2>
|
||||||
<title>Mounting existing encrypted file systems</title>
|
<title>Mounting Existing Encrypted File Systems</title>
|
||||||
|
|
||||||
<para>After each boot, any encrypted file systems must be
|
<para>After each boot, any encrypted file systems must be
|
||||||
re-attached to the kernel, checked for errors, and mounted, before
|
re-attached to the kernel, checked for errors, and mounted, before
|
||||||
|
|
@ -3047,7 +3049,7 @@ Filesystem Size Used Avail Capacity Mounted on
|
||||||
</procedure>
|
</procedure>
|
||||||
|
|
||||||
<sect3>
|
<sect3>
|
||||||
<title>Automatically mounting encrypted partitions</title>
|
<title>Automatically Mounting Encrypted Partitions</title>
|
||||||
|
|
||||||
<para>It is possible to create a script to automatically attach,
|
<para>It is possible to create a script to automatically attach,
|
||||||
check, and mount an encrypted partition, but for security reasons
|
check, and mount an encrypted partition, but for security reasons
|
||||||
|
|
@ -3057,7 +3059,7 @@ Filesystem Size Used Avail Capacity Mounted on
|
||||||
</sect3>
|
</sect3>
|
||||||
|
|
||||||
<sect2>
|
<sect2>
|
||||||
<title>Cryptographic protections employed by gbde</title>
|
<title>Cryptographic Protections Employed by gbde</title>
|
||||||
|
|
||||||
<para>&man.gbde.8; encrypts the sector payload using 128-bit AES in
|
<para>&man.gbde.8; encrypts the sector payload using 128-bit AES in
|
||||||
CBC mode. Each sector on the disk is encrypted with a different
|
CBC mode. Each sector on the disk is encrypted with a different
|
||||||
|
|
@ -3067,11 +3069,11 @@ Filesystem Size Used Avail Capacity Mounted on
|
||||||
</sect2>
|
</sect2>
|
||||||
|
|
||||||
<sect2>
|
<sect2>
|
||||||
<title>Compatibility issues</title>
|
<title>Compatibility Issues</title>
|
||||||
|
|
||||||
<para>&man.sysinstall.8; is incompatible with
|
<para>&man.sysinstall.8; is incompatible with
|
||||||
<application>gbde</application>-encrypted devices. All
|
<application>gbde</application>-encrypted devices. All
|
||||||
<devicename>*.bde</devicename> devices must be detached from the
|
<devicename><replaceable>*</replaceable>.bde</devicename> devices must be detached from the
|
||||||
kernel before starting &man.sysinstall.8; or it will crash during
|
kernel before starting &man.sysinstall.8; or it will crash during
|
||||||
its initial probing for devices. To detach the encrypted device
|
its initial probing for devices. To detach the encrypted device
|
||||||
used in our example, use the following command:</para>
|
used in our example, use the following command:</para>
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue