View Single Post
Old 23rd May 2009
Oko's Avatar
Oko Oko is offline
Rc.conf Instructor
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,102

Originally Posted by ocicat View Post
[*] Consider using vnconfig(8) to configure the encryption of user (non-root) partitions. The root partition cannot be encrypted, but /home or other partitions can be. Likewise, encrypting an entire system is not that practical given the performance degradation.[/list][/list]
There is "better" way than vnd driver. Read the manpage for softraid and bioctl. It works similar to cgd:
bioctl -c C -l  softraid0
Note that you can encrypt everything besides the root partition when installing from bsd.rd on the
common architectures e.g. amd64.

Assuming that your RAID partition is sd0d, use the following command to
edit /etc/rc

ed -s /etc/rc
/^# Configure raid/a
until bioctl -c C -l /dev/sd0d softraid0; do done
All above being said the one who controls hardware actually controls data and there is no software solution
which can protect you from that.
Reply With Quote