|
|
|||
whole disk encryption
I recently bought a small netbook. It works quite fine under openbsd.
Code:
$ uname -a OpenBSD musen.22decembre.eu 5.6 GENERIC.MP#299 i386 $ sysctl kern kern.ostype=OpenBSD kern.osrelease=5.6 kern.osrevision=201411 kern.version=OpenBSD 5.6 (GENERIC.MP) #299: Fri Aug 8 00:10:33 MDT 2014 deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP I just succeed in setting an encrypted partition. Here is the disklabel of the physical disk : Code:
# /dev/rsd0c: type: SCSI disk: SCSI disk label: WDC WD800BEVS-00 duid: 39ac47a59a78a464 flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 9729 total sectors: 156301488 boundstart: 64 boundend: 156296385 drivedata: 0 16 partitions: # size offset fstype [fsize bsize cpg] a: 2097152 64 4.2BSD 2048 16384 1 # / b: 2599424 2097216 swap # none c: 156301488 0 unused e: 12538880 13085248 4.2BSD 2048 16384 1 # /var f: 4194304 25624128 4.2BSD 2048 16384 1 # /usr h: 10488640 29818432 4.2BSD 2048 16384 1 # /home i: 20964838 40307072 RAID Code:
# bioctl -c C -l /dev/sd0i softraid0 Passphrase: softraid0: CRYPTO volume attached as sd2 Code:
# /dev/rsd2c: type: SCSI disk: SCSI disk label: SR CRYPTO duid: a751c8ec1c6976ed flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 1304 total sectors: 20964310 boundstart: 64 boundend: 20948760 drivedata: 0 16 partitions: # size offset fstype [fsize bsize cpg] c: 20964310 0 unused d: 20948672 64 4.2BSD 2048 16384 1 Code:
# mount a751c8ec1c6976ed.d /mnt/target/ mount_ffs: a751c8ec1c6976ed.d on /mnt/target: Invalid argument What do I do wrong ? Thank you for your answer and merry christmas, happy new year... Last edited by ocicat; 5th January 2015 at 03:29 PM. Reason: Edited out profanity -- forbidden in the forum rules. |
|
||||
Quote:
Operating your laptop with full disk encrypt is much, much, much easier if you set up your softraid device at install time, not after you have complete your installation. Afterwards, you must create five separate filesystems in sd2, copy the filesystems one at a time, and install bootblocks manually. But it is much easier to start over, and re-install using full-disk encryption. This "howto" assumes sd0 is your hard drive.
Last edited by jggimi; 25th December 2014 at 11:52 AM. Reason: typos |
|
||||
I should add, that if you want to reinitialize a pre-existing disklabel, use the z command. That may make adding a single large "a" partition, as in my example, easier. See disklabel(8).
|
|
|||
It appears that I did not format. I thought disklabel had done this task.
thanks. I will reinstall with encryption. |
|
|||
worked perfect !
|
|
|||
I've been using full disk encryption for a number of years on my little netbook and it works great. But one thing I keep forgetting when re-installing every 6 months or so is to adjust my intended passphrase to work on the default keyboard encoding that is available at the passphrase prompt.
Basically I keep setting passphrases under a "kbd sv" environment, and when re-booting I end up having to type the passphrase with a different keyboard encoding - making some characters appear on different keys. So my already funny passphrase becomes even more hilarious to type in. |
Tags |
crypto, softraid0 |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Reliability concerns on full disk encryption | virtuvoos | OpenBSD Security | 4 | 31st October 2013 11:06 PM |
FreeNAS 8.3.1 introduces full disk ZFS encryption | J65nko | News | 0 | 22nd March 2013 02:54 AM |
Security: Encryption: Disk Encryption | eurovive | Other BSD and UNIX/UNIX-like | 17 | 6th March 2010 04:09 AM |
Full disk encryption with Loop-AES | deviant085 | OpenBSD Security | 9 | 23rd November 2009 12:51 AM |
Disk geometry for Seagate disk | phreud | FreeBSD Installation and Upgrading | 5 | 8th November 2008 10:51 PM |