Index: en_US.ISO8859-1/books/handbook/disks/chapter.xml
===================================================================
--- en_US.ISO8859-1/books/handbook/disks/chapter.xml
+++ en_US.ISO8859-1/books/handbook/disks/chapter.xml
@@ -2878,7 +2878,7 @@
This section demonstrates how to configure an encrypted
swap partition using &man.gbde.8; or &man.geli.8; encryption.
It assumes a UFS file system where
- /dev/ad0s1b is the swap partition.
+ /dev/ada0s1b is the swap partition.
Configuring Encrypted Swap
@@ -2888,34 +2888,73 @@
the current swap partition with random garbage, execute the
following command:
- &prompt.root; dd if=/dev/random of=/dev/ad0s1b bs=1m
+ &prompt.root; dd if=/dev/random of=/dev/ada0s1b bs=1m
To encrypt the swap partition using &man.gbde.8;, add the
.bde suffix to the swap line in
/etc/fstab:
# Device Mountpoint FStype Options Dump Pass#
-/dev/ad0s1b.bde none swap sw 0 0
+/dev/ada0s1b.bde none swap sw 0 0
To instead encrypt the swap partition using &man.geli.8;,
use the
.eli suffix:
# Device Mountpoint FStype Options Dump Pass#
-/dev/ad0s1b.eli none swap sw 0 0
+/dev/ada0s1b.eli none swap sw 0 0
By default, &man.geli.8; uses the AES
- algorithm with a key length of 128 bit. These defaults can be
- altered by using geli_swap_flags in
- /etc/rc.conf. The following flags
- configure encryption using the Blowfish algorithm with a key
- length of 128 bits and a sectorsize of 4 kilobytes, and sets
- detach on last close
:
+ algorithm with a key length of 256 bits. These defaults can
+ be altered in the options field in
+ /etc/fstab. The possible flags
+ are:
+
+
+
+ aalgo
+
+ Data integrity verification algorithm used to ensure
+ that the encrypted data has not been tampered with. See
+ &man.geli.8; for a list of supported algorithms.
+
+
+
+
+ ealgo
+
+ Encryption algorithm used to protect the data. See
+ &man.geli.8; for a list of supported algorithms.
+
+
+
+
+ keylen
+
+ The length of the key used for the encryption
+ algorithm. See &man.geli.8; for the key lengths that
+ are supported by each encryption algorithm.
+
+
+
+
+ sectorsize
+
+ The size of the blocks data is broken into before
+ it is encrypted. Larger sector sizes increase
+ performance at the cost of higher storage
+ overhead. The recommended size is 4096 bytes.
+
+
+
+
+ This example
+ configures encryption using the Blowfish algorithm with a key
+ length of 128 bits and a sectorsize of 4 kilobytes:
- geli_swap_flags="-e blowfish -l 128 -s 4096 -d"
+ # Device Mountpoint FStype Options Dump Pass#
+/dev/ada0s1b.eli none swap sw,ealgo=blowfish,keylen=128,sectorsize=4096 0 0
- Refer to the description of onetime in
- &man.geli.8; for a list of possible options.
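Review bot: The closing example in this hunk (`sw,ealgo=blowfish,keylen=128,sectorsize=4096`) follows text stating that the default is AES with a 256-bit key, so the only worked example a reader can copy selects a different cipher and a shorter key than the default. Suggest an example that keeps the default cipher and changes only the option being illustrated, such as `sw,sectorsize=4096`, or add a sentence saying the Blowfish line is shown for syntax only. The hunk also drops `-d` (detach on last close), the `geli_swap_flags` text and the pointer to `onetime` in geli(8) without saying whether an existing `geli_swap_flags` line in /etc/rc.conf is still honoured; one sentence on that would help readers who followed the old text. The stated default key length also changes from 128 to 256 bits with no explanation in the patch, so please confirm it against geli(8) for the release this targets.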
@@ -2929,13 +2968,13 @@
&prompt.user; swapinfo
Device 1K-blocks Used Avail Capacity
-/dev/ad0s1b.bde 542720 0 542720 0%
+/dev/ada0s1b.bde 542720 0 542720 0%
If &man.geli.8; is being used:
&prompt.user; swapinfo
Device 1K-blocks Used Avail Capacity
-/dev/ad0s1b.eli 542720 0 542720 0%
+/dev/ada0s1b.eli 542720 0 542720 0%
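Review bot: The verification step in this hunk still relies on `swapinfo` alone, which shows only that a `.bde` or `.eli` device is in use, not which algorithm, key length or sector size was applied. Now that the earlier hunk moves those settings into the /etc/fstab options field, consider adding a check of the attached provider (for example with `geli list`) so a reader can confirm that `ealgo`, `keylen` and `sectorsize` took effect.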