Page MenuHomeFreeBSD
Files F136948110

D2094.id4282.diff
No OneTemporary
Actions

D2094.id4282.diff
View Options

Index: en_US.ISO8859-1/books/handbook/disks/chapter.xml
===================================================================
--- en_US.ISO8859-1/books/handbook/disks/chapter.xml
+++ en_US.ISO8859-1/books/handbook/disks/chapter.xml
@@ -2878,7 +2878,7 @@
<para>This section demonstrates how to configure an encrypted
swap partition using &man.gbde.8; or &man.geli.8; encryption.
It assumes a <acronym>UFS</acronym> file system where
- <filename>/dev/ad0s1b</filename> is the swap partition.</para>
+ <filename>/dev/ada0s1b</filename> is the swap partition.</para>
<sect2>
<title>Configuring Encrypted Swap</title>
@@ -2888,34 +2888,73 @@
the current swap partition with random garbage, execute the
following command:</para>
- <screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/<replaceable>ad0s1b</replaceable> bs=1m</userinput></screen>
+ <screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/<replaceable>ada0s1b</replaceable> bs=1m</userinput></screen>
<para>To encrypt the swap partition using &man.gbde.8;, add the
<literal>.bde</literal> suffix to the swap line in
<filename>/etc/fstab</filename>:</para>
<programlisting># Device Mountpoint FStype Options Dump Pass#
-/dev/ad0s1b.bde none swap sw 0 0</programlisting>
+/dev/ada0s1b.bde none swap sw 0 0</programlisting>
<para>To instead encrypt the swap partition using &man.geli.8;,
use the
<literal>.eli</literal> suffix:</para>
<programlisting># Device Mountpoint FStype Options Dump Pass#
-/dev/ad0s1b.eli none swap sw 0 0</programlisting>
+/dev/ada0s1b.eli none swap sw 0 0</programlisting>
<para>By default, &man.geli.8; uses the <acronym>AES</acronym>
- algorithm with a key length of 128 bit. These defaults can be
- altered by using <literal>geli_swap_flags</literal> in
- <filename>/etc/rc.conf</filename>. The following flags
- configure encryption using the Blowfish algorithm with a key
- length of 128 bits and a sectorsize of 4 kilobytes, and sets
- <quote>detach on last close</quote>:</para>
+ algorithm with a key length of 256 bits. These defaults can
+ be altered in the options field in
+ <filename>/etc/fstab</filename>. The possible flags
+ are:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>aalgo</term>
+ <listitem>
+ <para>Data integrity verification algorithm used to ensure
+ that the encrypted data has not been tampered with. See
+ &man.geli.8; for a list of supported algorithms.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ealgo</term>
+ <listitem>
+ <para>Encryption algorithm used to protect the data. See
+ &man.geli.8; for a list of supported algorithms.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>keylen</term>
+ <listitem>
+ <para>The length of the key used for the encryption
+ algorithm. See &man.geli.8; for the key lengths that
+ are supported by each encryption algorithm.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>sectorsize</term>
+ <listitem>
+ <para>The size of the blocks data is broken into before
+ it is encrypted. Larger sector sizes increase
+ performance at the cost of higher storage
+ overhead. The recommended size is 4096 bytes.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>This example
+ configures encryption using the Blowfish algorithm with a key
+ length of 128 bits and a sectorsize of 4 kilobytes:</para>
- <programlisting>geli_swap_flags="-e blowfish -l 128 -s 4096 -d"</programlisting>
+ <programlisting># Device Mountpoint FStype Options Dump Pass#
+/dev/ada0s1b.eli none swap sw,ealgo=blowfish,keylen=128,sectorsize=4096 0 0</programlisting>
- <para>Refer to the description of <literal>onetime</literal> in
- &man.geli.8; for a list of possible options.</para>
</sect2>
<sect2>
@@ -2929,13 +2968,13 @@
<screen>&prompt.user; <userinput>swapinfo</userinput>
Device 1K-blocks Used Avail Capacity
-/dev/ad0s1b.bde 542720 0 542720 0%</screen>
+/dev/ada0s1b.bde 542720 0 542720 0%</screen>
<para>If &man.geli.8; is being used:</para>
<screen>&prompt.user; <userinput>swapinfo</userinput>
Device 1K-blocks Used Avail Capacity
-/dev/ad0s1b.eli 542720 0 542720 0%</screen>
+/dev/ada0s1b.eli 542720 0 542720 0%</screen>
</sect2>
</sect1>

File Metadata

Mime Type
text/plain
Expires
Fri, Nov 21, 7:26 PM (8 h, 40 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
25791865
Default Alt Text
D2094.id4282.diff (4 KB)

Event Timeline