Encrypted Filesystems

Introduction

You might be asking yourself what is an encrypted filesystem good for? There are many answers, and a few might be storage of: RSA private keys, password lists, tripwire checksums, Mafia book keeping, plans for world domination, or whatever you can think of! When the men in black suits come to get your private info, they will have a very difficult job. You will be using the following commands in this exercises: dd, df, gbde, mdconfig, and mount.

First thing is to man the above commands, and take a look at the "Encrypted Filesystem" example in the FreeBSD Handbook. This is an extension of the example found in the handbook.

Configuration

Load GEOM_BDE support into the kernel. (Note: if you wish, you may also add GEOM_BDE support to the kernel statically and recompile it - use options GEOM_BDE.)

masta# kldload geom_bde

If you chose to use dynamic GEOM kernel support instead of recompiling it into the kernel, you may also want to make sure it's autoloaded at boot time from here on out:

masta# echo geom_bde_load="YES" >> /boot/loader.conf

Create a few directories. One for lock files, and the other for a mount point.

masta# mkdir /private
masta# mkdir /etc