cipher-hea...@riseup.net writes:
>
> On Linux you can do the following:
>
> Hard drive:
> { [1MB unencrypted GRUB bootloader partition] [Rest of hard drive entirely
> encrypted] }
>
> Then the only parts of the (x64) computer that are unencrypted are the BIOS
> and GRUB.

This is how it already does it with the exception that the unencrypted data are not in a regular partition. Instead the unencrypted bootloader exists within the space allocated for the disklabel (and the MBR on x86) which then locates and decrypts the partition containing the kernel.

> You can then move the GRUB offline if you wish, execute it externally.
>
> Is something like this possible on OpenBSD?

I have briefly looked into locating the unencrypted parts of OpenBSD's bootloader on a separate detachable disc, as I had managed to cobble together previously, but the kernel is told where its root partition is in quite a different way from Linux and I decided I didn't want to trawl through x86 real mode assembly any more.

It can be done of course but you may have to hack at the bootloader to make it work. I only did it with Linux to prove that I could, not because it was useful.

Matthew