On 11/10/12, Barry Grumbine <barry.grumb...@gmail.com> wrote:
> On Fri, Nov 9, 2012 at 7:58 PM, hepta tor <hepta...@gmail.com> wrote:
>> Hi
>>
>> Are there any plans to provide some simple ways for full disk
>> encryption in OpenBSD? I know that there are some approaches/tools to
>> encrypt volumes, but I'd like to know if it is also possible to encrypt
>> the boot and swap partitions and have simple means for this.
>>
>> In the FAQ it says:
>> "If an attacker has physical access to your system, they win,
>> regardless of the OS on the computer. There are ways to force the use
>> of a password on single-user mode (see ttys(5)), or eliminate the
>> pause on i386/amd64 (see boot.conf), but practically speaking, getting
>> around those tricks is also pretty easy (One way: boot floppy or
>> CDROM, edit or replace password file). You can try to prevent that,
>> but then someone will pull the hard disk out of your computer. Making
>> your computer difficult to manage properly isn't real security, and if
>> you don't have the physical machine secured, you have no real
>> security."
>>
>> Does this mean that OpenBSD doesn't strive to provide any built-in
>> security when "you don't have the physical machine secured"?
>>
>> thanks!
>> hepta
>>
>
> Read this thread:
> http://marc.info/?l=openbsd-misc&m=135198427413548&w=2
>
> run -current.

Thanks for the pointer. Do you know if there are any guidelines on how
to configure FDE with what's implemented in -current?

At http://geekyschmidt.com/2011/01/19/configuring-openbsd-softraid-fo-encryption
there is a kind of mini tutorial on how to configure softraid for
encryption - does anyone know if this is compatible with what's
implemented in -current?

-h