Nick Guenther wrote:
On 10/7/07, Timo Myyrd <[EMAIL PROTECTED]> wrote:
Nick Guenther wrote:
On 10/6/07, Timo Myyrd <[EMAIL PROTECTED]> wrote:
I have read the mount_vnd manual page and it describes the mount options
of the image that are needed to succesfully mount the partition on boot
but didn't reveal if there's a method to encrypt whole partition. I know
it will give me small performance hit to encrypt whole partition but it
should be OK. I had all of my HD except the /boot partition encrypted
with Linux and I didn't notice any difference in casual use.
Currently waiting for the urandom to fill the image...
Timo
Hm? I don't understand what you don't understand.
There's no such thing as a half-encrypted svnd (=partition). If you
can mount an encrypted svnd then you have a totally encrypted drive.
If you put it in fstab even better, but you need to somehow get it to
ask you for a password (-k) or give it a saltfile (-K) from somewhere
when it does that (and you better not store that password on the same
laptop).
-Nick
I mean that can I encrypt my /dev/sd0g directly instead of creating
image in it and encrypting and mounting that image as /home.
I tried to read about the svnd and it only seems to work on files.
Yes, exactly ;)
This is Unix, where everything is a file (or tries to be):
vnconfig /dev/sd0g svnd0
On a tangential note, it's useful to understand what you can do with
ccd(4) if you are creative about it.
-Nick
I tested above and following:
mount_vnd -K 20000 -S /root/image.slt svnd0 /dev/sd0g
both prompted for encryption key but then give following message:
vnconfig: VNDIOCSET: Inappropriate ioctl for device
Timo
