On Tue, Apr 14, 2009 at 01:51:59PM -0700, new_guy wrote:
> I've begun using OpenBSD on portable computers/laptops. I want to guard
> against theft. I can't stand the thought of some crook pawing my laptop and
> someone looking over my personal files... pictures of my family, my taxes,
> etc... it keeps me awake at night.
>
> I set the option to configure swap in sysctl.conf and I'd like to now
> encrypt /home (where I keep all of my personal files). I've googled, but
> nothing clear comes up. I'm using 4.5 current on an Asus eeepc 701 (the
> original one). I can reinstall and re-partition if necessary, but I'd rather
> not compile a custom kernel... any tips?

No need for a custom kernel; read mount_vnd(8). You can also run this script
at boot to mount your /home after getting the correct password from the user:

#!/bin/sh
# mount crypto partition

COUNTER=0
MAX_TRIES=3
SALT=/crypto/home.slt
IMG=/crypto/home.img
ROUNDS=20000
MOUNT_PNT=/home
DISK=svnd0
PART=c
MOUNT_OPTS="rw,nodev,nosuid,softdep"

# the image and its salt file must both be present
if [ ! -f "$IMG" -o ! -f "$SALT" ]; then
    echo "[-] $IMG or $SALT not found"
    exit 1
fi

#echo
while [ $COUNTER -lt $MAX_TRIES ]
do
    # wait a little longer after each failed attempt
    sleep $(($COUNTER*2))
    echo "[+] Mounting $MOUNT_PNT"
    # attach the image to the svnd device; vnconfig asks for the passphrase
    /sbin/vnconfig -K $ROUNDS -S "$SALT" $DISK "$IMG"
    /sbin/fsck -y /dev/$DISK$PART
    /sbin/mount -o $MOUNT_OPTS /dev/$DISK$PART $MOUNT_PNT
    if [ $? != 0 ] ; then
        # mount failed: detach the device and try again
        /sbin/vnconfig -u $DISK
        COUNTER=$(($COUNTER+1))
    else
        echo "[+] Success."
        exit 0 # normal exit point
    fi
done

echo "[-] Failure."
exit 1