
OpenBSD Installation and Upgrading Installing and upgrading OpenBSD.

19th March 2017
Frice
Real Name: Eric
New User
Join Date: Mar 2017
Location: Sweden
Posts: 5
Partitioning, layout and encryption (w passfile)

I'm sitting here planning my install, at least the partitioning layout. And I'm trying to get my head around a few things.

The plan is to use 2 disks. I have 2x 120GB available. First thought was to put them in a RAID and then CRYPT that one. I've seen a couple of examples/guides doing that, but the official documentation says it's not supported. I'll go with the FAQ. So, 2 disks, both encrypted: 1 with the system (2 partitions: 1 small + 1 w all partitions) - the other one just mounted on it (2 partitions: /altroot + 1 big), and I can make a script to rsync my backups instead. I guess disk#2 can be decrypted and mounted in an rc-file using the: -p passfile.

Something like:
# disk#1
a: /            # 123m (just to match disk#2)
d: /            # 123m

# disk#2
a: /altroot     # 123m
d: /            # mounted on disk#1

// 123m is just for the example
Since /altroot is on the other disk (as recommended), and the disk is encrypted, should I mount it in the rc-file together with the unlocking, or can it go into /etc/fstab?

- - -

The other thing is the passfile. I've really tried to search/find guides and examples around, but only found 2. To unlock disk#2, I can put the passfile in: /root/foo/disk2.pfile. But how to unlock disk#1… Can I use the passfile option for that one as well? Is the system able to read a passfile on boot inside the crypted partition (i.e. probing function), or does it need to sit on an uncrypted partition? Or how can I get disk#1 to unlock on boot, without typing or keydisk?

The idea is to use the server either as a mailserver @home, or as a backup server @neighbour (or another location). A keydisk doesn't feel like an option. I want to have a solution that can handle both disks, but neither the FAQ nor bioctl(8) uses that in any examples.

What's the preferred way to manage/reboot a server remotely (ssh)? Any ideas?

- - -

> “It's currently only possible to boot from RAID1 and crypto volumes on i386, amd64 and sparc64.” — faq14.html#softraid

Perhaps I can't use FDE using my old Mac G4 (macppc)? Then, what's the minimum I need unencrypted?

Sorry if I've mixed up or missed anything. Please correct me if so.
[frice@...] ~$
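
An added example, not part of the original post: one way to script the disk#2 unlock from an rc-file with `bioctl -p`, refusing a passfile that is not a regular root-owned file with mode 0600 (the requirement stated in bioctl(8)). The chunk name `sd1d`, the mount point `/mnt/disk2`, a matching `noauto` entry in /etc/fstab and the function names are assumptions made for illustration; it covers only the second disk, not unlocking the boot disk.

```shell
#!/bin/sh
# Added example: attach a softraid CRYPTO volume with a passfile, then mount it.
# Assumed, not from the post: chunk sd1d, mount point /mnt/disk2, and an
# /etc/fstab line for the unlocked volume marked "noauto" so boot does not
# try to mount it before it exists.

BIOCTL=${BIOCTL:-/sbin/bioctl}
MOUNT=${MOUNT:-/sbin/mount}
OWNER_UID=${OWNER_UID:-0}        # the passfile must belong to root

# passfile_ok FILE
# Succeeds only for a regular file (no symlink) owned by OWNER_UID, mode 0600.
passfile_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    set -- $(ls -ln "$f")        # $1 = mode string, $3 = numeric owner
    case $1 in
        -rw-------*) ;;          # exactly rw for owner, nothing for others
        *) return 1 ;;
    esac
    [ "$3" = "$OWNER_UID" ]
}

# unlock_disk2 CHUNK PASSFILE MOUNTPOINT
# Returns 1 on a bad passfile, 2 if bioctl fails, 3 if mount fails.
unlock_disk2() {
    chunk=$1 passfile=$2 mnt=$3
    if ! passfile_ok "$passfile"; then
        echo "refusing $passfile: need regular file, uid $OWNER_UID, mode 0600" >&2
        return 1
    fi
    # -c C: CRYPTO discipline, -l: chunk, -p: read passphrase from file
    "$BIOCTL" -c C -l "$chunk" -p "$passfile" softraid0 || return 2
    # Mount by mount point; the device comes from the noauto fstab entry
    "$MOUNT" "$mnt" || return 3
}

# From /etc/rc.local this would be invoked as: sh thisfile unlock
if [ "${1:-}" = "unlock" ]; then
    unlock_disk2 sd1d /root/foo/disk2.pfile /mnt/disk2
fi
```

Because the passfile lives on disk#1, disk#2 is only as well protected at rest as disk#1 itself.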