Partioning, layout and encryption (w passfile)
I'm sitting here planning my install, at least the partitioning layout. And I'm trying to get my head around a few things.
The plan is to use 2 disks. I have 2x 120GB available. First thought was to put them in a RAID and then CRYPT that one. I've seen a couple of examples/guides doing that, but the official documentation says it's not supported »»». I'll go with the FAQ. So, 2 disks, both encrypted: 1 with the system (2 partitions: 1 small + 1 w all partitions) - the other one just mounted on it (2 partitions: /altroot + 1 big), and I can make a script to rsync my backups instead. I guess disk#2 can be decrypted and mounted an rc-file using the:
# disk#1 a: / # 123m (just to match disk#2) d: / # 123m /the/other /partitions # disk#2 a: /altroot # 123m d: / # mounted on disk#1 // 123m is just for the example
- - -
The other thing is, the passfile. I've really tried to search/find guides and examples around, but only found 2. To unlock disk#2, I can put the passfile in: /root/foo/disk2.pfile. But how to unlock disk#1… Can I use the passfile option for that one as well? Is the system able to read a passfile on boot inside the crypted partition (ie probing function), or does it need to sit on an uncrypted partition? Or how can I get disk#1 to unlock on boot, without typing or keydisk?
The idea is to use the server either as a mailserver @home, or as a backup server @neighbour (or another location). A keydisk doesn't feels like an option. I want to have a solution that can handle both disks, but neither the FAQ or the bioctl(8) are using that in any examples.
What's the preferred way to manage/reboot a server remotely (ssh)? Any ideas?
- - -
> “It's currently only possible to boot from RAID1 and crypto volumes on i386, amd64 and sparc64.” — faq14.html#softraid
Perhaps I can't use FDE using my old Mac G4 (macppc)? Then, what's the minimum I need unencrypted?
Sorry if I've mixed up or missed anything. Please correct me if so.
|Thread||Thread Starter||Forum||Replies||Last Post|
|alpine with .pine-passfile support||slowtechstef||OpenBSD Packages and Ports||3||26th February 2016 10:30 PM|
|Partitions layout: Who is right?||punk0x29a||FreeBSD General||6||27th May 2013 06:45 PM|
|Security: Encryption: Disk Encryption||eurovive||Other BSD and UNIX/UNIX-like||17||6th March 2010 04:09 AM|
|Recommended Partition Layout||MetalHead||OpenBSD Installation and Upgrading||12||30th November 2008 10:08 AM|
|Keyboard Layout||mfaridi||FreeBSD General||6||26th June 2008 07:13 PM|