API tools faq
paste
Advertisement
devinteske

secure_thumb creation

devinteske
Aug 3rd, 2019
589
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 6.42 KB | None | 0 0
raw download clone embed print report
  1. dteske@scribe12 secure_thumb $ make
  2. dd if=/dev/zero of=secure_thumb.md bs=1m seek=256 count=0
  3. 0+0 records in
  4. 0+0 records out
  5. 0 bytes transferred in 0.000116 secs (0 bytes/sec)
  6. sudo mdconfig -f secure_thumb.md
  7. [sudo] Password:
  8. md0
  9. sudo gpart create -s MBR md0
  10. md0 created
  11. sudo gpart add -t freebsd -i 1 md0
  12. md0s1 added
  13. sudo gpart create -s BSD md0s1
  14. md0s1 created
  15. sudo gpart add -t freebsd-ufs -i 1 -s 128m md0s1
  16. md0s1a added
  17. sudo gpart add -t freebsd-ufs -i 4 -s 16m md0s1
  18. md0s1d added
  19. sudo gpart add -t freebsd-ufs -i 5 md0s1
  20. md0s1e added
  21. sudo newfs -n -U -O 1 -f 512 -b 4096 -i 8192 md0s1a
  22. /dev/md0s1a: 128.0MB (262144 sectors) block size 4096, fragment size 512
  23.     using 11 cylinder groups of 12.64MB, 3237 blks, 1632 inodes.
  24.     with soft updates
  25. super-block backups (for fsck_ffs -b #) at:
  26.  32, 25928, 51824, 77720, 103616, 129512, 155408, 181304, 207200, 233096, 258992
  27. mkdir -p mnt
  28. sudo mount /dev/md0s1a mnt
  29. sudo mkdir -m 0700 -p mnt/geli
  30. Enter new passphrase:
  31. Reenter new passphrase:
  32. sudo uuidgen -o mnt/.uuid
  33. sudo chmod 444 mnt/.uuid
  34. sudo chflags schg mnt/.uuid
  35. cat mnt/.uuid
  36. b0db8654-b5c9-11e9-96d6-000c293d4728
  37. mkdir -m 0700 -p geli
  38. sudo dd if=/dev/random of=mnt/geli/ffthumb-s1d.key bs=1k count=512
  39. 512+0 records in
  40. 512+0 records out
  41. 524288 bytes transferred in 0.005826 secs (89996172 bytes/sec)
  42. dd if=/dev/random of=geli/ffhost-b0db8654-b5c9-11e9-96d6-000c293d4728-s1d.key bs=1k count=512
  43. 512+0 records in
  44. 512+0 records out
  45. 524288 bytes transferred in 0.004657 secs (112592043 bytes/sec)
  46. sudo chmod 400 mnt/geli/ffthumb-s1d.key
  47. sudo chflags schg mnt/geli/ffthumb-s1d.key
  48. chmod 400 geli/ffhost-b0db8654-b5c9-11e9-96d6-000c293d4728-s1d.key
  49. sudo geli init -J- -B mnt/geli/ffthumb-s1d.backup -K mnt/geli/ffthumb-s1d.key -K geli/ffhost-b0db8654-b5c9-11e9-96d6-000c293d4728-s1d.key md0s1d
  50.  
  51. Metadata backup for provider md0s1d can be found in mnt/geli/ffthumb-s1d.backup
  52. and can be restored with the following command:
  53.  
  54.     # geli restore mnt/geli/ffthumb-s1d.backup md0s1d
  55.  
  56. sudo geli attach -j- -k mnt/geli/ffthumb-s1d.key -k geli/ffhost-b0db8654-b5c9-11e9-96d6-000c293d4728-s1d.key md0s1d
  57. sudo newfs -n -U -O 1 -f 512 -b 4096 -i 8192 md0s1d.eli
  58. /dev/md0s1d.eli: 16.0MB (32767 sectors) block size 4096, fragment size 512
  59.     using 4 cylinder groups of 4.00MB, 1024 blks, 512 inodes.
  60.     with soft updates
  61. super-block backups (for fsck_ffs -b #) at:
  62.  32, 8224, 16416, 24608
  63. sudo dd if=/dev/random of=mnt/geli/ffthumb-s1e.key bs=1k count=512
  64. 512+0 records in
  65. 512+0 records out
  66. 524288 bytes transferred in 0.004335 secs (120945561 bytes/sec)
  67. dd if=/dev/random of=geli/ffhost-b0db8654-b5c9-11e9-96d6-000c293d4728-s1e.key bs=1k count=512
  68. 512+0 records in
  69. 512+0 records out
  70. 524288 bytes transferred in 0.005837 secs (89827101 bytes/sec)
  71. sudo chmod 400 mnt/geli/ffthumb-s1e.key
  72. sudo chflags schg mnt/geli/ffthumb-s1e.key
  73. chmod 400 geli/ffhost-b0db8654-b5c9-11e9-96d6-000c293d4728-s1e.key
  74. sudo geli init -J- -B mnt/geli/ffthumb-s1e.backup -K mnt/geli/ffthumb-s1e.key -K geli/ffhost-b0db8654-b5c9-11e9-96d6-000c293d4728-s1e.key md0s1e
  75.  
  76. Metadata backup for provider md0s1e can be found in mnt/geli/ffthumb-s1e.backup
  77. and can be restored with the following command:
  78.  
  79.     # geli restore mnt/geli/ffthumb-s1e.backup md0s1e
  80.  
  81. sudo geli attach -j- -k mnt/geli/ffthumb-s1e.key -k geli/ffhost-b0db8654-b5c9-11e9-96d6-000c293d4728-s1e.key md0s1e
  82. sudo newfs -n -U -O 1 -f 512 -b 4096 -i 8192 md0s1e.eli
  83. /dev/md0s1e.eli: 112.0MB (229366 sectors) block size 4096, fragment size 512
  84.     using 9 cylinder groups of 12.64MB, 3237 blks, 1632 inodes.
  85.     with soft updates
  86. super-block backups (for fsck_ffs -b #) at:
  87.  32, 25928, 51824, 77720, 103616, 129512, 155408, 181304, 207200
  88. sudo mkdir -m 0700 -p mnt/keys
  89. sudo mount /dev/md0s1d.eli mnt/keys
  90. sudo mkdir -m 0700 -p mnt/encstore
  91. type rsync
  92. sudo rsync -avSH src/ mnt/
  93. sending incremental file list
  94. ./
  95. mount.sh
  96. umount.sh
  97. keys/
  98. keys/Makefile
  99.  
  100. sent 9,549 bytes  received 88 bytes  19,274.00 bytes/sec
  101. total size is 9,248  speedup is 0.96
  102. sudo chmod 555 mnt/mount.sh mnt/umount.sh
  103. sudo chflags schg mnt/mount.sh mnt/umount.sh
  104. sudo umount mnt/keys
  105. sudo geli detach md0s1e
  106. sudo geli detach md0s1d
  107. sudo umount mnt
  108. rmdir mnt
  109. sudo mdconfig -d -u 0
  110. dteske@scribe12 secure_thumb $ make status
  111. secure_thumb.md is not attached
  112. secure_thumb.md is not mounted
  113. dteske@scribe12 secure_thumb $ make open
  114. sudo mdconfig -lf secure_thumb.md
  115. sudo mdconfig -f secure_thumb.md
  116. md0
  117. secure_thumb.md successfully attached to md0
  118. sudo mdconfig -lf secure_thumb.md
  119. md0
  120. mkdir -p mnt
  121. df -nh mnt
  122. Filesystem         Size    Used   Avail Capacity  Mounted on
  123. /dev/gpt/rootfs     29G    6.8G     20G    25%    /
  124. awk -v dev=/dev/md0s1a '$1=="/dev/md0s1a"{exit s=1}END{exit !s}'
  125. df -nh .
  126. awk 'NR>1{print $1;exit s=1}END{exit !s}'
  127. df -nh mnt
  128. awk 'NR>1{print $1;exit s=1}END{exit !s}'
  129. sudo mount /dev/md0s1a mnt
  130. secure_thumb.md successfully mounted on mnt
  131. GELI_HOST_KEY_DIR=./geli sh mnt/mount.sh -d
  132. [GELI] Passphrase:
  133.       Name  Status  Components
  134. md0s1d.eli  ACTIVE  md0s1d
  135.       Name  Status  Components
  136. md0s1e.eli  ACTIVE  md0s1e
  137. dteske@scribe12 secure_thumb $ make status
  138. secure_thumb.md is attached to md0
  139. secure_thumb.md is mounted on mnt
  140. secure_thumb.md keys (md0s1d.eli) is attached
  141. secure_thumb.md keys is mounted on mnt/keys
  142. secure_thumb.md encstore (md0s1e.eli) is attached
  143. secure_thumb.md encstore is mounted on mnt/encstore
  144. dteske@scribe12 secure_thumb $ ls mnt/keys
  145. Makefile
  146. dteske@scribe12 secure_thumb $ ls mnt/encstore
  147. dteske@scribe12 secure_thumb $ df -h mnt/keys
  148. Filesystem         Size    Used   Avail Capacity  Mounted on
  149. /dev/md0s1d.eli     16M    2.0K     14M     0%    /home/dteske/src/github/fraubsd/secure_thumb/mnt/keys
  150. dteske@scribe12 secure_thumb $ df -h mnt/encstore
  151. Filesystem         Size    Used   Avail Capacity  Mounted on
  152. /dev/md0s1e.eli    110M    512B    101M     0%    /home/dteske/src/github/fraubsd/secure_thumb/mnt/encstore
  153. dteske@scribe12 secure_thumb $ make close
  154. sudo mdconfig -lf secure_thumb.md
  155. md0
  156. df -nh mnt
  157. Filesystem     Size    Used   Avail Capacity  Mounted on
  158. /dev/md0s1a    126M    1.0M    115M     1%    /home/dteske/src/github/fraubsd/secure_thumb/mnt
  159. awk -v dev=/dev/md0s1a '$1=="/dev/md0s1a"{exit s=1}END{exit !s}'
  160. sh mnt/umount.sh
  161. sudo umount mnt
  162. sudo mdconfig -d -u 0
  163. rmdir mnt
  164. secure_thumb.md successfully unmounted and detached
  165. dteske@scribe12 secure_thumb $ make status
  166. secure_thumb.md is not attached
  167. secure_thumb.md is not mounted
  168. dteske@scribe12 secure_thumb $
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!