2015-10-06 19:54 GMT+08:00 Stefan Sperling <s...@stsp.name>: > On Tue, Oct 06, 2015 at 07:32:45PM +0800, Mikael wrote: > > 2015-10-06 19:27 GMT+08:00 Stefan Sperling <s...@stsp.name>: > > > Perhaps this will answer your questions: > > > http://www.openbsd.org/papers/eurobsdcon2015-softraid-boot.pdf > > > > > > > That one mentions nothing of what the keydisk is supposed to contain. > > > > Perhaps that was omitted for brevity? > > Indeed, it's not explained in detail. > The mask key is contained in an optional softraid meta data item. > > If no softraid meta date exists (as is the case when you zero the disk) > fresh meta data with a fresh mask key is written to the key disk slice. > > Does that answer your question? >
Aha. So at "-k" time, if there's no key on the keydisk structure already, it'll make one. So this is how you can use one and the same keydisk for multiple volumes. I guess by "mask key" you mean "stored encryption key" i.e. the whole point with the keydisk. Is that one generated by bioctl, or does it just take the bytes that happen to be at those positions already i.e. zeroes?? Also how big should a keydrive be? No docs say.
