View Single Post
  #1   (View Single Post)  
Old 19th March 2017
Frice Frice is offline
Real Name: Eric
New User
 
Join Date: Mar 2017
Location: Sweden
Posts: 5
Default Partioning, layout and encryption (w passfile)

I'm sitting here planning my install, at least the partitioning layout. And I'm trying to get my head around a few things.

The plan is to use 2 disks. I have 2x 120GB available. First thought was to put them in a RAID and then CRYPT that one. I've seen a couple of examples/guides doing that, but the official documentation says it's not supported »»». I'll go with the FAQ. So, 2 disks, both encrypted: 1 with the system (2 partitions: 1 small + 1 w all partitions) - the other one just mounted on it (2 partitions: /altroot + 1 big), and I can make a script to rsync my backups instead. I guess disk#2 can be decrypted and mounted an rc-file using the: -p passfile.

Something like:
HTML Code:
# disk#1
a: /            # 123m (just to match disk#2)
d: /            # 123m
   /the/other
   /partitions

# disk#2
a: /altroot     # 123m
d: /            # mounted on disk#1

// 123m is just for the example
Since /altroot is on the other disk (as recommended), and the disk is encrypted. Should I mount it in the rc-file together with the unlocking?, or can it go into /etc/fstab?

- - -

The other thing is, the passfile. I've really tried to search/find guides and examples around, but only found 2. To unlock disk#2, I can put the passfile in: /root/foo/disk2.pfile. But how to unlock disk#1… Can I use the passfile option for that one as well? Is the system able to read a passfile on boot inside the crypted partition (ie probing function), or does it need to sit on an uncrypted partition? Or how can I get disk#1 to unlock on boot, without typing or keydisk?

The idea is to use the server either as a mailserver @home, or as a backup server @neighbour (or another location). A keydisk doesn't feels like an option. I want to have a solution that can handle both disks, but neither the FAQ or the bioctl(8) are using that in any examples.

What's the preferred way to manage/reboot a server remotely (ssh)? Any ideas?

- - -

> “It's currently only possible to boot from RAID1 and crypto volumes on i386, amd64 and sparc64.” — faq14.html#softraid

Perhaps I can't use FDE using my old Mac G4 (macppc)? Then, what's the minimum I need unencrypted?


Sorry if I've mixed up or missed anything. Please correct me if so.
__________________
[frice@...] ~$
Reply With Quote