|
OpenBSD Installation and Upgrading Installing and upgrading OpenBSD. |
|
Thread Tools | Display Modes |
|
|||
encryption with two disk?
Hi everybody, I have a Thinkpad T420 with 2 disk (120GB SSD and 500GB HDD) I would like to encrypt both disk and install it's that possible? I know how two do it with one disk but not two. Thanks in advance
|
|
|||
thanks I will try when I finish setting the other laptop
|
|
|||
Quote:
Code:
Can't open DUID.a: No such file or directory CAN'T CHECK FILE SYSTEM DUID.a: UNEXPECTED INCONSISTENCY; TUN fsck_ffs MANUALLY THE FOLLOEING FILE SYSTEM HAD AN UNEXPECTED INCONSISYENCY: ffs: DUID.a (/home) |
|
||||
I've been able to recreate this on a test system. The cause is clear: the bootloader decrypts only the boot drive.
My test system had /home on the second drive. And I had thought a solution would be to set the fstab(5) /home entry to include the noauto option, then issue a bioctl(8) and mount(8) from an rc.local(5) script. However, rc(8) still attempts and fails to mount the /home mount point. The reason is as yet unclear to me, as noauto works fine when issuing # mount -a or # mount -A manually. Removing the fstab(5) entry permits rc(8) to complete processing and pass control to rc.local(8), where bioctl(8) and mount(8) commands can be executed. You will want to test the bioctl(8) results, so that in the event of an incorrect passphrase, bioctl can be retried. EDIT: Here is an example rc.local(5) script that permits three attempts to enter the correct passphrase before mounting the partition. Code:
for tries in 1 2 3; do bioctl -c C -l /dev/sd1a softraid0 if [ $? -eq 0 ] ; then break fi done mount 5435133273012c81.a /home Last edited by jggimi; 10th September 2017 at 02:46 PM. Reason: added example rc.local script |
|
|||
That works for me with also a 0 in the last numeric parameter in fstab which excludes the partition from automated fsck.
Code:
a6d775ee96227348.a /mnt/backup ffs rw,nodev,nosuid,noauto,softdep,noatime 0 0 Since fsck will not be run automatically, I also run it whenever I mount in rc.local at boot up Code:
bioctl -c C -l /dev/sd1a softraid0 || bioctl -c C -l /dev/sd1a softraid0 || bioctl -c C -l /dev/sd1a softraid0 && fsck a6d775ee96227348.a && mount /mnt/backup Last edited by TronDD; 10th September 2017 at 08:17 PM. |
|
||||
Quote:
Quote:
|
|
|||
So there is no way to do it without entering the password another time when mounting /home right?
|
|
|||
Quote:
|
Tags |
disk encryption, encryption |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Whole Disk Encryption and USB Drive | staus | OpenBSD Security | 31 | 21st July 2016 02:04 AM |
Full Disk Encryption | jjstorm | OpenBSD Installation and Upgrading | 3 | 30th May 2016 08:19 PM |
Disk encryption | mfaridi | OpenBSD Security | 12 | 2nd March 2015 08:45 PM |
whole disk encryption | 22decembre | OpenBSD Security | 6 | 5th January 2015 09:23 AM |
Security: Encryption: Disk Encryption | eurovive | Other BSD and UNIX/UNIX-like | 17 | 6th March 2010 04:09 AM |