Can you break the install process as I did in the HOWTO and continue forward with a full softraid setup? I wrote the HOWTO after struggling for a few evenings to get the setup to work seamlessly. Maybe the documentation was over my head, but I have had no issues in countless other OS doing WDE. Though with the speed at which softraid and WDE is moving with OpenBSD, my guide is becoming very antiquated in just a few months.
Here is the CVS commit for softraid boot if anyone else looking: http://marc.info/?l=openbsd-cvs&m=126960262412653 On Sun, Apr 24, 2011 at 19:13, Kenneth R Westerback <kwesterb...@rogers.com>wrote: > On Mon, Apr 25, 2011 at 03:41:33AM +1000, John Tate wrote: > > OpenBSD Misc, > > > > I have recently configured an OpenBSD softraid using the following > > as a guide along with the correct manual pages: > http://geekyschmidt.com/2011/01/19/configuring-openbsd-softraid-fo-encryption > > > > The limitation I've noticed is that / is unencrypted which means > > /etc is unencrypted. My first install had the usual partitions on > > the encrypted softraid device: /usr /var /home and /tmp which all in > > all works out pretty well. Then when creating private keys it > > clicked that they would reside in /etc/ssl/private which of course > > could be moved but I am a pretty anal admin who likes things done as > > those who engineered the system intended. It saves trouble doing > > things that way. Most the stuff in /etc is not that important but I > > take the physical security of the machine pretty seriously. > > > > When I read the guide the first time on the first install it > > mentioned creating an /altroot partition and I did but this seems to > > be for backup purposes or something. I can't really tell and I can't > > seem to find much documentation about it. I thought when reading the > > guide that the root partition would switch over to it or something > > like that. It was pretty disappointing when I looked around in the > > documentation and manual pages regarding mount and such and found > > that I could not modify the /bin/decrypt script mentioned in the > > guide to use mount to switch to altroot. I might be wrong and there > > might just be a flaw in the documentation. It would be very good if > > such a root partition switching type thing added as a feature to > > OpenBSD. > > > > In the meantime I've come up with my own solution for which I > > reinstalled this time creating on the softraid a partition called > > /secetc. Basically using this I can copy things over from /etc to > > /secetc, delete them in /etc, and symlink them over to /secetc. > > After that it is a matter of creating the private keys and things in > > the new locations. A lot can put in that location and can still be > > found the ordinary way. Still it would be much better if: this guide > > didn't suck, and if there was a root switching feature in OpenBSD. > > > > John Tate > > > > Support for booting from softraid was just committed to -current. The > install scripts still do not provide direct support for creating > softraid partitions. > > .... Ken > > -- Nicholas Schmidt oneguyn...@gmail.com P: 661.724.6438
