Full Disk Encryption
I plan on using FDE prior to the installation by dropping to shell. I am left with some questions.
Select (S)hell at the initial prompt.
Welcome to the OpenBSD/amd64 X.X installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s
From here, you'll be given a shell within the live environment to manipulate the disks. For this example, we will install to the wd0 SATA drive, erasing all of its previous contents. You may want to write random data to the drive first with something like the following:
Code:
# dd if=/dev/random of=/dev/rwd0c bs=1m
What utilities are available in shell for me to find out what my drive ID is (i.e. wd0, sd0, hd0, etc.), or will I have found that out during the install disk boot process?
Next, we'll initialize the disk with fdisk(8) and create the softraid partition with disklabel(8).
Code:
# fdisk -iy wd0
Writing MBR at offset 0.
# disklabel -E wd0
Label editor (enter '?' for help at any prompt)
> a a
offset: [2104515]
size: [39825135] *
FS type: [4.2BSD] RAID
> w
> q
No label changes.

I have an FDE OpenBSD install and Windows (currently unencrypted). So it is not really FDE. Only the whole of OpenBSD is encrypted.
I can provide some examples.
My sd0 is the physical device.
sd1 is the softraid/virtual SCSI device.
Warning: These names can change if you, for example, boot from a pendrive. For example, I boot from a pendrive to upgrade current. I must check what each of them is called before manually provisioning and upgrading.
Code:
sysctl hw.disknames
hw.disknames=sd0:3a9569f176005878,cd0:,sd1:e2687744d2198a2e
Code:
fdisk sd0 | grep -e OpenBSD -e size
#: id C H S - C H S [ start: size ]
3: A6 51663 20 7 - 60801 80 63 [ 829967361: 146805807 ] OpenBSD
#: id C H S - C H S [ start: size ]
#: id C H S - C H S [ start: size ]
Code:
# disklabel sd0 | grep -e RAID -e fstype
# size offset fstype [fsize bsize cpg]
a: 146805807 829967361 RAID
One MBR partition:
Code:
fdisk sd1 | grep -e OpenBSD -e size
#: id C H S - C H S [ start: size ]
*3: A6 0 1 2 - 9137 254 63 [ 64: 146801906 ] OpenBSD
Code:
disklabel sd1 | grep -e unused -e ' /' -e size
# /dev/rsd1c:
# size offset fstype [fsize bsize cpg]
a: 8388608 64 4.2BSD 2048 16384 1 # /
c: 146805279 0 unused
d: 2097152 8388672 4.2BSD 2048 16384 1 # /var
e: 31457280 10485824 4.2BSD 2048 16384 1 # /usr
h: 104858848 41943104 4.2BSD 2048 16384 1 # /home
http://daemonforums.org/showpost.php...50&postcount=2

Somewhat related, there might be a minor error in the FAQ about "Encrypting External Disks" (s/sd3/sd1/).
In the sequence of commands following: "A quick example runthrough of the steps follows, with sd0 being the USB drive."
# bioctl -c C -l sd0a softraid0
New passphrase:
Re-type passphrase:
softraid0: CRYPTO volume attached as sd3
# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
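
The device-name checks discussed in the posts above, as an added example that is not part of the thread or of the OpenBSD FAQ: it resolves a disk by its DUID from `sysctl hw.disknames` and refuses to build a `dd` target unless it matches the volume that `bioctl` reported. The function names are hypothetical, and the sample strings are copied from the outputs quoted in the thread.

```shell
#!/bin/sh
# Added example: derive device names from tool output instead of typing them.
# Sample values are taken from the outputs quoted in the thread above.
SAMPLE_DISKNAMES='hw.disknames=sd0:3a9569f176005878,cd0:,sd1:e2687744d2198a2e'
SAMPLE_BIOCTL='New passphrase:
Re-type passphrase:
softraid0: CRYPTO volume attached as sd3'

# Print "name duid" pairs from a hw.disknames value.
# Entries without a DUID (such as cd0:) get "-" in the second column.
list_disks() {
    printf '%s\n' "${1#hw.disknames=}" | tr ',' '\n' |
        awk -F: 'NF { print $1, ($2 == "" ? "-" : $2) }'
}

# Look up the current device name for a DUID. Names such as sd0/sd1 can
# change between boots (e.g. when booting from a pendrive); the DUID does not.
name_for_duid() {
    list_disks "$1" |
        awk -v d="$2" '$2 == d { print $1; found = 1 } END { exit !found }'
}

# Extract the device from bioctl's "CRYPTO volume attached as sdN" line.
attached_volume() {
    printf '%s\n' "$1" | sed -n \
        's/^softraid[0-9]*: CRYPTO volume attached as \([a-z][a-z]*[0-9][0-9]*\)$/\1/p'
}

# Print the raw whole-disk node (/dev/rsdNc) for the zeroing step, but only
# if the device the operator intends to wipe ($2) is the one bioctl attached.
zero_target() {
    vol=$(attached_volume "$1")
    [ -n "$vol" ] || return 1
    [ "$vol" = "$2" ] || return 1
    printf '/dev/r%sc\n' "$vol"
}

list_disks "$SAMPLE_DISKNAMES"
zero_target "$SAMPLE_BIOCTL" sd3
```

With the sequence quoted in the last post, `zero_target` succeeds for sd3 and fails for sd1, which is the mismatch that post points out.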