Index: en_US.ISO8859-1/books/handbook/disks/chapter.xml =================================================================== --- en_US.ISO8859-1/books/handbook/disks/chapter.xml +++ en_US.ISO8859-1/books/handbook/disks/chapter.xml @@ -2878,7 +2878,7 @@ This section demonstrates how to configure an encrypted swap partition using &man.gbde.8; or &man.geli.8; encryption. It assumes a UFS file system where - /dev/ad0s1b is the swap partition. + /dev/ada0s1b is the swap partition. Configuring Encrypted Swap 
@@ -2888,34 +2888,73 @@ the current swap partition with random garbage, execute the following command: - &prompt.root; dd if=/dev/random of=/dev/ad0s1b bs=1m + &prompt.root; dd if=/dev/random of=/dev/ada0s1b bs=1m To encrypt the swap partition using &man.gbde.8;, add the .bde suffix to the swap line in /etc/fstab: # Device Mountpoint FStype Options Dump Pass# -/dev/ad0s1b.bde none swap sw 0 0 +/dev/ada0s1b.bde none swap sw 0 0 To instead encrypt the swap partition using &man.geli.8;, use the .eli suffix: # Device Mountpoint FStype Options Dump Pass# -/dev/ad0s1b.eli none swap sw 0 0 +/dev/ada0s1b.eli none swap sw 0 0 By default, &man.geli.8; uses the AES - algorithm with a key length of 128 bit. These defaults can be - altered by using geli_swap_flags in - /etc/rc.conf. The following flags - configure encryption using the Blowfish algorithm with a key - length of 128 bits and a sectorsize of 4 kilobytes, and sets - detach on last close: + algorithm with a key length of 256 bits. These defaults can + be altered in the options field in + /etc/fstab. The possible flags + are: + + + + aalgo + + Data integrity verification algorithm used to ensure + that the encrypted data has not been tampered with. See + &man.geli.8; for a list of supported algorithms. + + + + + ealgo + + Encryption algorithm used to protect the data. See + &man.geli.8; for a list of supported algorithms. + + + + + keylen + + The length of the key used for the encryption + algorithm. See &man.geli.8; for the key lengths that + are supported by each encryption algorithm. + + + + + sectorsize + + The size of the blocks data is broken into before + it is encrypted. Larger sector sizes increase + performance at the cost of higher storage + overhead. The recommended size is 4096 bytes. 
+ + + + + This example + configures encryption using the Blowfish algorithm with a key + length of 128 bits and a sectorsize of 4 kilobytes: - geli_swap_flags="-e blowfish -l 128 -s 4096 -d" + # Device Mountpoint FStype Options Dump Pass# +/dev/ada0s1b.eli none swap sw,ealgo=blowfish,keylen=128,sectorsize=4096 0 0 - Refer to the description of onetime in - &man.geli.8; for a list of possible options. @@ -2929,13 +2968,13 @@ &prompt.user; swapinfo Device 1K-blocks Used Avail Capacity -/dev/ad0s1b.bde 542720 0 542720 0% +/dev/ada0s1b.bde 542720 0 542720 0% If &man.geli.8; is being used: &prompt.user; swapinfo Device 1K-blocks Used Avail Capacity -/dev/ad0s1b.eli 542720 0 542720 0% +/dev/ada0s1b.eli 542720 0 542720 0%
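Review bot: In the hunk at @@ -2888, the new /etc/fstab example (sw,ealgo=blowfish,keylen=128,sectorsize=4096) follows directly after the text stating that the default is AES with a 256-bit key, so a reader who copies the example gets a shorter key and a different cipher than they would by setting nothing. Suggest an example that changes only sectorsize, or a sentence saying the Blowfish values are illustrative and not a recommendation. The same hunk removes the -d flag and the "sets detach on last close" wording together with geli_swap_flags, without saying whether detach still applies to .eli swap configured through /etc/fstab or whether an existing geli_swap_flags line in /etc/rc.conf is still honoured; one migration sentence would cover readers who followed the old instructions. Minor: the list is introduced as "The possible flags are" while the sentence before it calls this the options field, so pick one term.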