I have a laptop with two hard drives, a small fast ssd and a large slow hdd (since replaced with a larger fast ssd). Both drives are encrypted using bioctl. sd1 is the smaller boot device which becomes sd2, sd0 is the larger device which becomes sd3. sd2 is activated before the kernel by the bootloader after I successfully type in the password. sd3 is activated during the boot phase using (only) a key in /etc/sd0.key.
Currently after every upgrade I patch /etc/rc to run /etc/rc.blockdev (containing bioctl -cC -p /etc/sd0.key -l sd0a softraid0) before the additional filesystems are checked or mounted.

Before I resign myself to patching /etc/rc in perpetuity, is there a better or more canonical way to activate a second encrypted disc using a key file in /etc before filesystems defined in /etc/fstab are checked or mounted (it becomes /srv)?

The patch I use is below. Ignore the date; I've been using this since around 6.2 at least. I feel rather silly saying that you're welcome to use this tiny patch if it's useful, but there it is and you are.

Incidentally the real patch also runs /etc/rc.early immediately after rm -f /fastboot in order to move X to vt12 and open up vts 5 to 11 because I couldn't find any other way to hook into the boot process early enough but I suspect I'm on my own with that one. (The command to do that, if anyone's interested, is for c in 6 7 8 9 10 11; do wsconscfg $c; done and you also need to update Xservers and ttys).

Matthew

--- rc.orig Sun Jan 6 10:49:26 2019 +++ rc.mine Sun Jan 6 10:52:03 2019 @@ -353,6 +353,8 @@ exit 0 fi +[[ -f /etc/rc.blockdev ]] && sh /etc/rc.blockdev + # Add swap block-devices. swapctl -A -t blk
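
Review bot: the added line in the @@ -353,6 +353,8 @@ hunk runs /etc/rc.blockdev behind nothing but an existence test, and nothing acts on the script's exit status, so a failed unlock passes silently here and only surfaces later when the /etc/fstab filesystems are checked or mounted. Consider printing a message when the script returns non-zero, and put a one-line comment above the hook in the style of the neighbouring "# Add swap block-devices." so its purpose is clear the next time /etc/rc is merged after an upgrade. Because the script is executed as root this early in boot, it and the key file it reads (/etc/sd0.key in the message) should be owned by root and not writable or readable by anyone else.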