SD Card encryption
-
Hi everyone,
What are the options available to encrypt the Flash Card with pfSense on it? I have Console password already setup. However, I want to guard against malicious user opening the Alix case when it's on a remote site. I can't afford to enter a password at boot up due to encryption. Is there any way to encrypt without the need to enter a password each time system is restarted and also guard against the user seeing data on SD card if they connect it directly to their computer?
Thanks,
-
Obviously no and if there was, such self-decrypting "encryption" would be utterly useless.
-
We don't officially have any support for disk encryption, but FreeBSD does. It does require manually entering the password, otherwise as doktornotor said it would be pretty worthless. You can have security, or you can have convenience, you can almost never have both.
http://www.freebsd.org/doc/en/books/handbook/disks-encrypting.html
You need an unencrypted section of the disk in addition to the encrypted section (or two separate disks), I don't believe it supports booting from an encrypted disk for some obvious reasons.
If you're that worried about someone stealing the CF, then you either need to not keep such sensitive data on it, or invest in some good physical security measures to keep it physically safe and locked up.