head/lib/geom/eli/geli.8
Show All 18 Lines | |||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" | .\" | ||||
.Dd June 27, 2018 | .Dd July 24, 2018 | ||||
.Dt GELI 8 | .Dt GELI 8 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm geli | .Nm geli | ||||
.Nd "control utility for the cryptographic GEOM class" | .Nd "control utility for the cryptographic GEOM class" | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
To compile GEOM_ELI into your kernel, add the following lines to your kernel | To compile GEOM_ELI into your kernel, add the following lines to your kernel | ||||
configuration file: | configuration file: | ||||
Show All 20 Lines | |||||
.Op Fl B Ar backupfile | .Op Fl B Ar backupfile | ||||
.Op Fl e Ar ealgo | .Op Fl e Ar ealgo | ||||
.Op Fl i Ar iterations | .Op Fl i Ar iterations | ||||
.Op Fl J Ar newpassfile | .Op Fl J Ar newpassfile | ||||
.Op Fl K Ar newkeyfile | .Op Fl K Ar newkeyfile | ||||
.Op Fl l Ar keylen | .Op Fl l Ar keylen | ||||
.Op Fl s Ar sectorsize | .Op Fl s Ar sectorsize | ||||
.Op Fl V Ar version | .Op Fl V Ar version | ||||
.Ar prov | .Ar prov ... | ||||
.Nm | .Nm | ||||
.Cm label - an alias for | .Cm label - an alias for | ||||
.Cm init | .Cm init | ||||
.Nm | .Nm | ||||
.Cm attach | .Cm attach | ||||
.Op Fl Cdprv | .Op Fl Cdprv | ||||
.Op Fl n Ar keyno | .Op Fl n Ar keyno | ||||
.Op Fl j Ar passfile | .Op Fl j Ar passfile | ||||
▲ Show 20 Lines • Show All 155 Lines • ▼ Show 20 Lines | |||||
Allows suspending and resuming encrypted devices. | Allows suspending and resuming encrypted devices. | ||||
.El | .El | ||||
.Pp | .Pp | ||||
The first argument to | The first argument to | ||||
.Nm | .Nm | ||||
indicates an action to be performed: | indicates an action to be performed: | ||||
.Bl -tag -width ".Cm configure" | .Bl -tag -width ".Cm configure" | ||||
.It Cm init | .It Cm init | ||||
Initialize the provider which needs to be encrypted. | Initialize providers which need to be encrypted. | ||||
If multiple providers are listed as arguments, they will all be initialized | |||||
with the same passphrase and/or User Key. | |||||
A unique salt will be randomly generated for each provider to ensure the | |||||
Master Key for each is unique. | |||||
Here you can set up the cryptographic algorithm to use, Data Key length, | Here you can set up the cryptographic algorithm to use, Data Key length, | ||||
etc. | etc. | ||||
The last sector of the provider is used to store metadata. | The last sector of the providers is used to store metadata. | ||||
The | The | ||||
.Cm init | .Cm init | ||||
subcommand also automatically writes metadata backups to | subcommand also automatically writes metadata backups to | ||||
.Pa /var/backups/<prov>.eli | .Pa /var/backups/<prov>.eli | ||||
file. | file. | ||||
The metadata can be recovered with the | The metadata can be recovered with the | ||||
.Cm restore | .Cm restore | ||||
subcommand described below. | subcommand described below. | ||||
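Review bot: In the init description, "The last sector of the providers is used to store metadata" mixes singular and plural; "The last sector of each provider is used to store metadata" reads correctly and makes clear that every provider carries its own metadata. The added salt sentence says it ensures "the Master Key for each is unique" right after the text speaks of a shared "passphrase and/or User Key". It would help to say in one clause how the per-provider salt relates the shared passphrase to the per-provider keys, so a reader can tell what is and is not shared between providers initialized in one invocation.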
Show All 26 Lines | |||||
after boot. | after boot. | ||||
.It Fl B Ar backupfile | .It Fl B Ar backupfile | ||||
File name to use for metadata backup instead of the default | File name to use for metadata backup instead of the default | ||||
.Pa /var/backups/<prov>.eli . | .Pa /var/backups/<prov>.eli . | ||||
To inhibit backups, you can use | To inhibit backups, you can use | ||||
.Pa none | .Pa none | ||||
as the | as the | ||||
.Ar backupfile . | .Ar backupfile . | ||||
If multiple providers were initialized in the one command, you can use | |||||
.Pa PROV | |||||
(all upper-case) in the file name, and it will be replaced with the provider | |||||
name. | |||||
If | |||||
.Pa PROV | |||||
is not found in the file name and multiple providers were initialized in the | |||||
one command, | |||||
.Pa -<prov> | |||||
will be appended to the end of the file name specified. | |||||
.It Fl d | .It Fl d | ||||
When entering the passphrase to boot from this encrypted root filesystem, echo | When entering the passphrase to boot from this encrypted root filesystem, echo | ||||
.Ql * | .Ql * | ||||
characters. | characters. | ||||
This makes the length of the passphrase visible. | This makes the length of the passphrase visible. | ||||
.It Fl e Ar ealgo | .It Fl e Ar ealgo | ||||
Encryption algorithm to use. | Encryption algorithm to use. | ||||
Currently supported algorithms are: | Currently supported algorithms are: | ||||
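Review bot: In the -B text, the added rules do not say what happens to "none" when several providers are given: "none" does not contain PROV, so as written "-<prov>" would be appended and the backup would no longer be inhibited. State explicitly that "none" still inhibits backups for every provider. Also consider "in a single command" instead of "in the one command", present tense ("are initialized") to match the rest of the option description, and a sentence on how a provider name containing "/" is substituted into the file name.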
▲ Show 20 Lines • Show All 841 Lines • Show Last 20 Lines |