On Fri, Nov 9, 2012 at 7:58 PM, hepta tor <hepta...@gmail.com> wrote: > Hi > > Are there any plans to provide some simple ways for full disk > encryption in OpenBSD? I now that there are some approaches/tools to > encrypt volumes, but I'd like to know if it also possible to encrypt > the boot and swap partitions and have simple means for this. > > In the FAQ it says: > "If an attacker has physical access to your system, they win, > regardless of the OS on the computer. There are ways to force the use > of a password on single-user mode (see ttys(5)), or eliminate the > pause on i386/amd64 (see boot.conf), but practically speaking, getting > around those tricks is also pretty easy (One way: boot floppy or > CDROM, edit or replace password file). You can try to prevent that, > but then someone will pull the hard disk out of your computer. Making > your computer difficult to manage properly isn't real security, and if > you don't have the physical machine secured, you have no real > security. " > > Does this mean that OpenBSD doesn't strive to provide any build-in > security when "you don't have the physical machine secured"? > > thanks! > hepta >
Read this thread: http://marc.info/?l=openbsd-misc&m=135198427413548&w=2 run -current.
