On 10/7/07, Timo Myyrd <[EMAIL PROTECTED]> wrote: > Nick Guenther wrote: > > On 10/7/07, Timo Myyrd <[EMAIL PROTECTED]> wrote: > > > >> Nick Guenther wrote: > >> > >>> On 10/6/07, Timo Myyrd <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>>> I have read the mount_vnd manual page and it describes the mount options > >>>> of the image that are needed to succesfully mount the partition on boot > >>>> but didn't reveal if there's a method to encrypt whole partition. I know > >>>> it will give me small performance hit to encrypt whole partition but it > >>>> should be OK. I had all of my HD except the /boot partition encrypted > >>>> with Linux and I didn't notice any difference in casual use. > >>>> > >>>> Currently waiting for the urandom to fill the image... > >>>> > >>>> Timo > >>>> > >>>> > >>> Hm? I don't understand what you don't understand. > >>> There's no such thing as a half-encrypted svnd (=partition). If you > >>> can mount an encrypted svnd then you have a totally encrypted drive. > >>> If you put it in fstab even better, but you need to somehow get it to > >>> ask you for a password (-k) or give it a saltfile (-K) from somewhere > >>> when it does that (and you better not store that password on the same > >>> laptop). > >>> > >>> -Nick > >>> > >>> > >>> > >>> > >> I mean that can I encrypt my /dev/sd0g directly instead of creating > >> image in it and encrypting and mounting that image as /home. > >> I tried to read about the svnd and it only seems to work on files. > >> > > > > Yes, exactly ;) > > This is Unix, where everything is a file (or tries to be): > > vnconfig /dev/sd0g svnd0 > > > > On a tangential note, it's useful to understand what you can do with > > ccd(4) if you are creative about it. > > > > -Nick > > > > > > > I tested above and following: > mount_vnd -K 20000 -S /root/image.slt svnd0 /dev/sd0g > > both prompted for encryption key but then give following message: > vnconfig: VNDIOCSET: Inappropriate ioctl for device
Oh, I guess I was wrong then. Argh. Yeah, use Chris's idea.
