Encrypted storage and/or startup

[grahamperrin]

Keywords: privacy, security

---

From https://www.youtube.com/watch?v=PlPTVbhrKYM&lc=Ugx3Jc3jbkLTS7ps-Ux4AaABAg yesterday:

Nice, just hope that … it can be used at the corporate!

I do hope so, although password-less sudo is causing corporate IT security managers worldwide to suffer nervous twitches at their Christmas dinner tables. Feuerzangenbowle accidents have been reported.

Jokes and corporate use cases aside: there is, I believe, a genuine need for some degree of encryption. Home directory on a USB flash drive or whatever is fine, until that medium falls into the wrong hands … and so on.

Brainstorming

#37

Consider the approach that's currently taken by NomadBSD. From https://nomadbsd.org/handbook/handbook.html#firstboot:

𠉧… When you boot NomadBSD for the first time, it will run the setup wizard which allows you to set your … password, encryption, …

If I recall correctly: the wizard offers to encrypt both system startup and the home directory; I chose both, then in everyday use I'm typically prompted just once.

The GELI-based implementation is fine, but might be a distraction during early development of helloSystem …

… maybe wait until (without GELI) FreeBSD can boot from encrypted OpenZFS; #32

[probonopd]

Nice, just hope that … it can be used at the corporate!

Out of the box, helloSystem is designed for end users, not for system administrators or corporate lockdown officers. That being said, it is open source and just FreeBSD under the hood, so normal FreeBSD system administration skills do apply.

there is, I believe, a genuine need for some degree of encryption

I agree. Making this really nice and seamless (no Terminal needed) would be a welcome addition.

maybe wait until (without GELI) FreeBSD can boot from encrypted OpenZFS

Agree!

[probonopd]

Duplicate of helloSystem/ISO#15.