List: freebsd-hackers
Subject: Re: ZFS and GPT boot - size issue bootblock v.s. default of sysinstall
From: Dirk-Willem van Gulik <dirkx () webweaving ! org>
Date: 2016-12-30 18:35:19
Message-ID: AA9367DE-A56B-458A-927D-C228386507E9 () webweaving ! org
> On 30 Dec 2016, at 19:25, Allan Jude <allanjude@freebsd.org> wrote:
> >
> > > The other option is to rebuild gptzfsboot without GELI support, and then
> > > it will be under 64 KB.
> >
> > Unfortunately - we rather rely on GELI and PKCS#11.
>
> This would only apply to gptzfsboot, the new feature I introduced in
> 11.0 that allows you to have even the /boot directory encrypted (rather
> than having an unencrypted ufs partition, or a 2nd zpool that is not
> encrypted).
>
> If you are upgrading from 10.x or earlier, you can use gptzfsboot
> without GELI, since it didn't exist before.
Ah - good to know. Thanks for that!
We're not quite there yet - as we need a modicum of PKCS#11 to negotiate with the TPM (or on low end archive machines; a USB smartcard/token) - i.e. a tad beyond geli_passphrase().
Dw.