> >depends what you want to achieve, but my recommendation is booting from > USB > >and mount encrypted root from the HDD. > >you can safely remove the usb key after root mount and all your configs/etc > >files are used from the encrypted storage. > >this ensures 2 things: bootloader + kernel on USB boot media cannot be > >attacked during system uptime and all bytes on disk are encrypted. > >another advantage is, you don't need (to type, write down or remember) any > >passphrases but can use strong random data for crypto payload/keys. > > > > How do you do this on OpenBSD? @frank: https://www.openbsd.org/faq/faq14.html#softraidFDEkeydisk
- Full disk encryption including /boot, excluding bootload... cipher-hearts
- Re: Full disk encryption including /boot, excluding... Otto Moerbeek
- Re: Full disk encryption including /boot, excluding... chohag
- Re: Full disk encryption including /boot, exclu... no@s...@mgedv.net
- Re: Full disk encryption including /boot, e... Sebastian Benoit
- Re: Full disk encryption including /boot, e... Frank Beuth
- Re: Full disk encryption including /boo... no@s...@mgedv.net
- Re: Full disk encryption including... Frank Beuth
- Re: Full disk encryption inclu... Julius Zint
- Re: Full disk encryption i... Frank Beuth
- Re: Full disk encryption i... Julius Zint
- Re: Full disk encryption i... Kevin Chadwick
- Re: Full disk encryption i... Jan Betlach
- Re: Full disk encryption i... Frank Beuth
- Re: Full disk encryption i... Eric Furman
- Re: Full disk encryption i... Dumitru Moldovan
- Re: Full disk encryption i... Julius Zint
