On Tue, Oct 06, 2015 at 07:17:19PM +0800, Mikael wrote: > You > > 1) Fill your keydisk with zeroes and > > 2) Apply "bioctl -k" on it. > > Does this mean your key is now zeroes, meaning completely unsafe, or did > bioctl make a key for you? > > > The keydisk gets some "OPENBSDSR KEYDISK005" header but it says nowhere if > it actually made a key for you. > > If it generates it, then there is no mentioning in the man page of how to > use one keydisk for multiple volumes. Perhaps that means it doesn't > generate it afterall? > > Also it says nowhere how big the keydisk needs to be, and if it's any > benefit of if it's bigger than needed.
Perhaps this will answer your questions: http://www.openbsd.org/papers/eurobsdcon2015-softraid-boot.pdf
