On Fri, 20 Jul 2012 21:12:51 -0700 Robert Connolly <robertconnolly1...@gmail.com> wrote: > With OpenBSD's full disk encryption, and a locking screen > saver, there is no known way into my system, with any amount of resources > available.
AFAIK needs /boot to be unencrypted, i.e. not on softraid. So you don't have "full" disk encryption. The first attack vector would be to power off the system, put new code into /boot and then simulate a power failure. But I agree, it protects you against someone wanting to browse through your laptop, or theft/loss. The only way to get a "secure" system would be to have a fully encrypted disk, a BIOS that does the password management & boot decryption, and hardware (+ BIOS/firmware) that can't be modified without notice. But there we get into the whole "trusted computing" discussion.... kind regards, Robert
