Changeset View
Changeset View
Standalone View
Standalone View
head/lib/geom/eli/geli.8
| Show All 18 Lines | |||||
| .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
| .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
| .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
| .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
| .\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
| .\" | .\" | ||||
| .\" $FreeBSD$ | .\" $FreeBSD$ | ||||
| .\" | .\" | ||||
| .Dd June 27, 2018 | .Dd July 24, 2018 | ||||
| .Dt GELI 8 | .Dt GELI 8 | ||||
| .Os | .Os | ||||
| .Sh NAME | .Sh NAME | ||||
| .Nm geli | .Nm geli | ||||
| .Nd "control utility for the cryptographic GEOM class" | .Nd "control utility for the cryptographic GEOM class" | ||||
| .Sh SYNOPSIS | .Sh SYNOPSIS | ||||
| To compile GEOM_ELI into your kernel, add the following lines to your kernel | To compile GEOM_ELI into your kernel, add the following lines to your kernel | ||||
| configuration file: | configuration file: | ||||
| Show All 20 Lines | |||||
| .Op Fl B Ar backupfile | .Op Fl B Ar backupfile | ||||
| .Op Fl e Ar ealgo | .Op Fl e Ar ealgo | ||||
| .Op Fl i Ar iterations | .Op Fl i Ar iterations | ||||
| .Op Fl J Ar newpassfile | .Op Fl J Ar newpassfile | ||||
| .Op Fl K Ar newkeyfile | .Op Fl K Ar newkeyfile | ||||
| .Op Fl l Ar keylen | .Op Fl l Ar keylen | ||||
| .Op Fl s Ar sectorsize | .Op Fl s Ar sectorsize | ||||
| .Op Fl V Ar version | .Op Fl V Ar version | ||||
| .Ar prov | .Ar prov ... | ||||
| .Nm | .Nm | ||||
| .Cm label - an alias for | .Cm label - an alias for | ||||
| .Cm init | .Cm init | ||||
| .Nm | .Nm | ||||
| .Cm attach | .Cm attach | ||||
| .Op Fl Cdprv | .Op Fl Cdprv | ||||
| .Op Fl n Ar keyno | .Op Fl n Ar keyno | ||||
| .Op Fl j Ar passfile | .Op Fl j Ar passfile | ||||
| ▲ Show 20 Lines • Show All 155 Lines • ▼ Show 20 Lines | |||||
| Allows suspending and resuming encrypted devices. | Allows suspending and resuming encrypted devices. | ||||
| .El | .El | ||||
| .Pp | .Pp | ||||
| The first argument to | The first argument to | ||||
| .Nm | .Nm | ||||
| indicates an action to be performed: | indicates an action to be performed: | ||||
| .Bl -tag -width ".Cm configure" | .Bl -tag -width ".Cm configure" | ||||
| .It Cm init | .It Cm init | ||||
| Initialize the provider which needs to be encrypted. | Initialize providers which need to be encrypted. | ||||
| If multiple providers are listed as arguments, they will all be initialized | |||||
| with the same passphrase and/or User Key. | |||||
| A unique salt will be randomly generated for each provider to ensure the | |||||
| Master Key for each is unique. | |||||
| Here you can set up the cryptographic algorithm to use, Data Key length, | Here you can set up the cryptographic algorithm to use, Data Key length, | ||||
| etc. | etc. | ||||
| The last sector of the provider is used to store metadata. | The last sector of the providers is used to store metadata. | ||||
| The | The | ||||
| .Cm init | .Cm init | ||||
| subcommand also automatically writes metadata backups to | subcommand also automatically writes metadata backups to | ||||
| .Pa /var/backups/<prov>.eli | .Pa /var/backups/<prov>.eli | ||||
| file. | file. | ||||
| The metadata can be recovered with the | The metadata can be recovered with the | ||||
| .Cm restore | .Cm restore | ||||
| subcommand described below. | subcommand described below. | ||||
| Show All 26 Lines | |||||
| after boot. | after boot. | ||||
| .It Fl B Ar backupfile | .It Fl B Ar backupfile | ||||
| File name to use for metadata backup instead of the default | File name to use for metadata backup instead of the default | ||||
| .Pa /var/backups/<prov>.eli . | .Pa /var/backups/<prov>.eli . | ||||
| To inhibit backups, you can use | To inhibit backups, you can use | ||||
| .Pa none | .Pa none | ||||
| as the | as the | ||||
| .Ar backupfile . | .Ar backupfile . | ||||
| If multiple providers were initialized in the one command, you can use | |||||
| .Pa PROV | |||||
| (all upper-case) in the file name, and it will be replaced with the provider | |||||
| name. | |||||
| If | |||||
| .Pa PROV | |||||
| is not found in the file name and multiple providers were initialized in the | |||||
| one command, | |||||
| .Pa -<prov> | |||||
| will be appended to the end of the file name specified. | |||||
| .It Fl d | .It Fl d | ||||
| When entering the passphrase to boot from this encrypted root filesystem, echo | When entering the passphrase to boot from this encrypted root filesystem, echo | ||||
| .Ql * | .Ql * | ||||
| characters. | characters. | ||||
| This makes the length of the passphrase visible. | This makes the length of the passphrase visible. | ||||
| .It Fl e Ar ealgo | .It Fl e Ar ealgo | ||||
| Encryption algorithm to use. | Encryption algorithm to use. | ||||
| Currently supported algorithms are: | Currently supported algorithms are: | ||||
| ▲ Show 20 Lines • Show All 841 Lines • Show Last 20 Lines | |||||