On Thu, 20 Nov 2014 16:57:08 +0100, Janne Johansson <icepic...@gmail.com> wrote:
> Please don't mix "you" and "we" in the text on who is doing what. > Indeed, thanks. A new version with the wording more consistent with the general tone (I hope). Index: faq14.html =================================================================== RCS file: /cvs/www/faq/faq14.html,v retrieving revision 1.247 diff -u -p -u -p -r1.247 faq14.html --- faq14.html 18 Nov 2014 02:00:07 -0000 1.247 +++ faq14.html 20 Nov 2014 16:09:38 -0000 @@ -3057,6 +3057,42 @@ and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=softraid&sektion=4";>softraid(4)</a> on your system. +<h4>Mounting a cryptographic softraid volume at boot</h4> + +This setup can be used for additional softraid volumes which don't +contain the root partition. + +<p> +You need to know the <a href="faq14.html#DUID">DUID</a>s of the +physical device and the one of the softraid volume. + +<blockquote><pre> +$ <b>disklabel sd0 | grep duid</b> +duid: 4d498d4248c8d056 +$ <b>disklabel sd1 | grep duid</b> +duid: b1e264fc29000110 +</pre></blockquote> + +Use <i>/etc/rc.local</i> to decrypt, do a minor fsck check and +finally mount the volume and be sure to use the DUID of the physical +disk: + +<blockquote><pre> +# <b>echo "bioctl -c C -l 4d498d4248c8d056.m softraid0" >> /etc/rc.local</b> +# <b>echo "\"check /data\"; fsck -p /data; mount -s /data" >> /etc/rc.local</b> +</pre></blockquote> + +Add the entry of the partition in <i>/etc/fstab</i> with the DUID +of the crypto volume with the flag <i>noauto</i> so the system +doesn't try to mount it with the other partitions as they're mounted +before <i>/etc/rc.local</i> is run thus the crypto volume doesn't exist +for the system, yet. + +<blockquote><pre> +# <b>echo "b1e264fc29000110.p /data ffs \</b> + <b> rw,nodev,nosuid,noauto 0 0" >> /etc/fstab</b> +</pre></blockquote> + <h4>I forgot my passphrase!</h4> Sorry. This is real encryption, there's not a back door or magic unlocking
