Index: en_US.ISO8859-1/books/handbook/disks/chapter.xml
===================================================================
--- en_US.ISO8859-1/books/handbook/disks/chapter.xml
+++ en_US.ISO8859-1/books/handbook/disks/chapter.xml
@@ -2878,7 +2878,7 @@
This section demonstrates how to configure an encrypted
swap partition using &man.gbde.8; or &man.geli.8; encryption.
It assumes a UFS file system where
- /dev/ad0s1b is the swap partition.
+ /dev/ada0s1b is the swap partition.
Configuring Encrypted Swap
@@ -2888,31 +2888,55 @@
the current swap partition with random garbage, execute the
following command:
- &prompt.root; dd if=/dev/random of=/dev/ad0s1b bs=1m
+ &prompt.root; dd if=/dev/random of=/dev/ada0s1b bs=1m
To encrypt the swap partition using &man.gbde.8;, add the
.bde suffix to the swap line in
/etc/fstab:
# Device Mountpoint FStype Options Dump Pass#
-/dev/ad0s1b.bde none swap sw 0 0
+/dev/ada0s1b.bde none swap sw 0 0
To instead encrypt the swap partition using &man.geli.8;,
use the
.eli suffix:
- # Device Mountpoint FStype Options Dump Pass#
-/dev/ad0s1b.eli none swap sw 0 0
+ # Device Mountpoint FStype Options Dump Pass#
+/dev/ada0s1b.eli none swap sw 0 0
By default, &man.geli.8; uses the AES
- algorithm with a key length of 128 bit. These defaults can be
- altered by using geli_swap_flags in
- /etc/rc.conf. The following flags
- configure encryption using the Blowfish algorithm with a key
- length of 128 bits and a sectorsize of 4 kilobytes, and sets
- detach on last close
:
+ algorithm with a key length of 256 bit. These defaults can be
+ altered by using the options field in
+ /etc/fstab. The possible flags
+ are:
+
+
+ aalgo - Data integrity verification algorithm
+ used to ensure that the encrypted data has not been
+ tampered with. See &man.geli.8; for a list of supported
+ algorithms.
+
+ ealgo - Encryption algorithm used to protect
+ the data. See &man.geli.8; for a list of supported
+ algorithms.
+
+ keylen - The length of the key used for the
+ encryption algorithm. See &man.geli.8; for a list of
+ which key lengths are supported by which encryption
+ algorithms.
+
+ sectorsize - The size of the sectors used for
+ encryption. Larger sector sizes increase performance as
+ the cost of higher storage overhead.
+
+
+
+ This example
+ configures encryption using the Blowfish algorithm with a key
+ length of 128 bits and a sectorsize of 4 kilobytes:
- geli_swap_flags="-e blowfish -l 128 -s 4096 -d"
+ # Device Mountpoint FStype Options Dump Pass#
+/dev/ada0s1b.eli none swap sw,ealgo=blowfish,keylen=128,sectorsize=4096 0 0
Refer to the description of onetime in
&man.geli.8; for a list of possible options.
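Review bot: The new /etc/fstab example at the end of this hunk drops the -d flag and the "detach on last close" wording that the removed geli_swap_flags line carried, and the added options list (aalgo, ealgo, keylen, sectorsize) has no equivalent entry. A reader moving a configuration from /etc/rc.conf to /etc/fstab cannot tell whether that behaviour is still applied or how to request it, so please state it explicitly. The example also selects ealgo=blowfish with keylen=128 directly after the text says the default is AES with a 256-bit key. Either say that the example only illustrates the option syntax, or pick values that do not go below the stated default. Two wording fixes in the added lines: "key length of 256 bit" should read "256 bits", and "as the cost of higher storage overhead" should read "at the cost of higher storage overhead".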
@@ -2929,13 +2953,13 @@
&prompt.user; swapinfo
Device 1K-blocks Used Avail Capacity
-/dev/ad0s1b.bde 542720 0 542720 0%
+/dev/ada0s1b.bde 542720 0 542720 0%
If &man.geli.8; is being used:
&prompt.user; swapinfo
Device 1K-blocks Used Avail Capacity
-/dev/ad0s1b.eli 542720 0 542720 0%
+/dev/ada0s1b.eli 542720 0 542720 0%