Open Source Full Disk Encryption for BSD Operating System?
-
11-09-2019 - |
Question
Anyone aware of an open source equivalent to full disk encryption products such as Pointsec (a Check Point product) where the machine won't boot unless a password is supplied?
Solution
From this Wikipedia page, I see the following disk encryption methods that are can be used on BSD (FreeBSD or NetBSD):
OTHER TIPS
On FreeBSD, you can encrypt almost the whole disk. If you want to encrypt the partition containing the filesystem root, you need an unencrypted partition to contain /boot
.
On a bog-standard FreeBSD 9 install, /boot
is around 300 MB. Most of that is /boot/kernel
, especially the symbols
files for the kernel and modules.
See e.g. this blog article.
Personally, I wouldn't bother encrypting more than the partition that holds your data. There is nothing secret in the OS files itself.
Truecrypt supports windows, linux and mac. It supports full disk encryption, although that is listed as supported only for windows. There apparently exists some patches that adds support for freebsd, although I do not know if that includes full disk encryption.
In a comment to this blog post by Bruce Schneier, the following is mentioned in addition to the ones already listed in Rick Copeland's answer:
- svnd (OpenBSD)
and maybe
- EncFS
- CryptoFS