|
OpenBSD Installation and Upgrading Installing and upgrading OpenBSD. |
|
Thread Tools | Display Modes |
|
|||
Partioning, layout and encryption (w passfile)
I'm sitting here planning my install, at least the partitioning layout. And I'm trying to get my head around a few things.
The plan is to use 2 disks. I have 2x 120GB available. First thought was to put them in a RAID and then CRYPT that one. I've seen a couple of examples/guides doing that, but the official documentation says it's not supported »»». I'll go with the FAQ. So, 2 disks, both encrypted: 1 with the system (2 partitions: 1 small + 1 w all partitions) - the other one just mounted on it (2 partitions: /altroot + 1 big), and I can make a script to rsync my backups instead. I guess disk#2 can be decrypted and mounted an rc-file using the: -p passfile .Something like: HTML Code:
# disk#1 a: / # 123m (just to match disk#2) d: / # 123m /the/other /partitions # disk#2 a: /altroot # 123m d: / # mounted on disk#1 // 123m is just for the example - - - The other thing is, the passfile. I've really tried to search/find guides and examples around, but only found 2. To unlock disk#2, I can put the passfile in: /root/foo/disk2.pfile. But how to unlock disk#1… Can I use the passfile option for that one as well? Is the system able to read a passfile on boot inside the crypted partition (ie probing function), or does it need to sit on an uncrypted partition? Or how can I get disk#1 to unlock on boot, without typing or keydisk? The idea is to use the server either as a mailserver @home, or as a backup server @neighbour (or another location). A keydisk doesn't feels like an option. I want to have a solution that can handle both disks, but neither the FAQ or the bioctl(8) are using that in any examples. What's the preferred way to manage/reboot a server remotely (ssh)? Any ideas? - - - > “It's currently only possible to boot from RAID1 and crypto volumes on i386, amd64 and sparc64.” — faq14.html#softraid Perhaps I can't use FDE using my old Mac G4 (macppc)? Then, what's the minimum I need unencrypted? Sorry if I've mixed up or missed anything. Please correct me if so.
__________________
[frice@...] ~$ |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
alpine with .pine-passfile support | slowtechstef | OpenBSD Packages and Ports | 3 | 26th February 2016 10:30 PM |
Partitions layout: Who is right? | punk0x29a | FreeBSD General | 6 | 27th May 2013 06:45 PM |
Security: Encryption: Disk Encryption | eurovive | Other BSD and UNIX/UNIX-like | 17 | 6th March 2010 04:09 AM |
Recommended Partition Layout | MetalHead | OpenBSD Installation and Upgrading | 12 | 30th November 2008 10:08 AM |
Keyboard Layout | mfaridi | FreeBSD General | 6 | 26th June 2008 07:13 PM |