On Sun, 16 Nov 2014 20:09:35 +0100, Daniel Jakots <vigdis+o...@chown.me> wrote:
> I wanted to add some content to FAQ14 Here it is. This can be useful for people who want to encrypt only their /home or people who want to automatically mount another disk encrypted at boot (me). Cheers, Daniel Index: faq14.html =================================================================== RCS file: /cvs/www/faq/faq14.html,v retrieving revision 1.247 diff -u -p -u -p -r1.247 faq14.html --- faq14.html 18 Nov 2014 02:00:07 -0000 1.247 +++ faq14.html 20 Nov 2014 15:29:41 -0000 @@ -3057,6 +3057,41 @@ and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=softraid&sektion=4";>softraid(4)</a> on your system. +<h4>Mounting a cryptographic softraid volume at boot</h4> + +This setup can be used for additional softraid volumes which don't +contain the root partition. + +<p> +You need to know the <a href="faq14.html#DUID">DUID</a>s of the +physical device and the one of the softraid volume. + +<blockquote><pre> +$ <b>disklabel sd0 | grep duid</b> +duid: 4d498d4248c8d056 +$ <b>disklabel sd1 | grep duid</b> +duid: b1e264fc29000110 +</pre></blockquote> + +We will use <i>/etc/rc.local</i> to decrypt, do a minor fsck check and +finally mount the volume. We use the DUID of the physical disk: + +<blockquote><pre> +# <b>echo "bioctl -c C -l 4d498d4248c8d056.m softraid0" >> /etc/rc.local</b> +# <b>echo "\"check /data\"; fsck -p /data; mount -s /data" >> /etc/rc.local</b> +</pre></blockquote> + +We add the entry of the partition in <i>/etc/fstab</i> with the DUID +of the crypto volume. We also add the flag <i>noauto</i> so the system +doesn't try to mount it with the other partitions as they're mounted +before <i>/etc/rc.local</i> is run thus the crypto volume doesn't exist +for the system, yet. + +<blockquote><pre> +# <b>echo "b1e264fc29000110.p /data ffs \</b> + <b> rw,nodev,nosuid,noauto 0 0" >> /etc/fstab</b> +</pre></blockquote> + <h4>I forgot my passphrase!</h4> Sorry. This is real encryption, there's not a back door or magic unlocking
