On Sun, Nov 23, 2008 at 07:39:37PM +0100, vincent wrote:
> Following this old thread (Feb 08)
> http://marc.info/?l=openbsd-misc&m=120345491121853&w=2 ,
> I'm wondering what's the status of booting with root filesystem in
> softraid in 4.4 or in -current. It was said by Marco Peereboom in the
> same thread that this was planned.
>
> I wanted to test new softraid crypto of OpenBSD for full disk
> encryption, but I'm not able to find anything on using initial ramdisks
> like Linux can do to mount the encrypted root. Is it possible to get the
> softraid online before mounting the root filesystem, or remount it over
> then? With Linux I do this with a USB drive, and I hope I can do it
> with PXE for OpenBSD.

I am working (for fun) on a solution where I mount /tmp /var /usr /home
and... /etc from a softraid encrypted drive. I thought it was working
but I have just found new problems on a new installation.

The / partition has an /etc/rc that activates softraid0, parses dmesg to
find the root drive, uses sysctl to find the encrypted drive, file checks
and mounts /etc, leaves a sleep process with /etc as working dir to keep
it from unmounting, and then jumps to the regular /etc/rc, after
rewriting /etc/fstab to use the current drives on this boot. / contains
only public stuff plus my /etc/rc that also will be public.

This is as close as I have come to an encrypted root drive with OpenBSD
so far.

I look forward to being able to boot from softraid0... Keep up the good
work, developers!

>
>
> Also, just a few questions about the crypto softraid: what's the
> encryption method used by default? XTS+AES? Can it be changed? Are there
> others? Is it possible to keep the keys out of the drive, like Linux'
> loop-aes can do, or do they have to stay, like dm-crypt?
>
> Thanks!

--
/ Raimo Niskanen, Erlang/OTP, Ericsson AB