I'm sitting here planning my install, at least the partitioning layout. And I'm trying to get my head around a few things.
The plan is to use 2 disks. I have 2x 120GB available. First thought was to put them in a RAID and then CRYPT that one. I've seen a couple of examples/guides doing that, but the official documentation says it's not supported. I'll go with the FAQ. So, 2 disks, both encrypted: 1 with the system (2 partitions: 1 small + 1 w all partitions) - the other one just mounted on it (2 partitions: /altroot + 1 big), and I can make a script to rsync my backups instead. I guess disk#2 can be decrypted and mounted in an rc-file using the: -p passfile.
Something like:
# disk#1
a: / # 123m (just to match disk#2)
d: / # 123m
/the/other
/partitions
# disk#2
a: /altroot # 123m
d: / # mounted on disk#1
// 123m is just for the example
Since /altroot is on the other disk (as recommended), and the disk is encrypted, should I mount it in the rc-file together with the unlocking, or can it go into /etc/fstab?
- - -
The other thing is the passfile. I've really tried to search/find guides and examples around, but only found 2. To unlock disk#2, I can put the passfile in: /root/foo/disk2.pfile. But how to unlock disk#1… Can I use the passfile option for that one as well? Is the system able to read a passfile on boot inside the crypted partition (i.e. probing function), or does it need to sit on an uncrypted partition? Or how can I get disk#1 to unlock on boot, without typing or keydisk?
The idea is to use the server either as a mailserver @home, or as a backup server @neighbour (or another location). A keydisk doesn't feel like an option. I want to have a solution that can handle both disks, but neither the FAQ nor the bioctl(8) are using that in any examples.
What's the preferred way to manage/reboot a server remotely (ssh)? Any ideas?
- - -
> “It's currently only possible to boot from RAID1 and crypto volumes on i386, amd64 and sparc64.” — faq14.html#softraid
Perhaps I can't use FDE using my old Mac G4 (macppc)? Then, what's the minimum I need unencrypted?
Sorry if I've mixed up or missed anything. Please correct me if so.