On Wed, Apr 15, 2009 at 9:06 AM, Raimo Niskanen
<raimo+open...@erix.ericsson.se> wrote:
> On Tue, Apr 14, 2009 at 01:51:59PM -0700, new_guy wrote:
>> I've begun using OpenBSD on portable computers/laptops. I want to guard
>> against theft. I can't stand the thought of some crook pawing my laptop and
>> someone looking over my personal files... pictures of my family, my taxes,
>> etc... it keeps me awake at night.
>>
>> I set the option to configure swap in sysctl.conf and I'd like to now
>> encrypt /home (where I keep all of my personal files). I've googled, but
>> nothing clear comes up. I'm using 4.5 current on an Asus eeepc 701 (the
>> original one). I can reinstall and re-partition if necessary, but I'd rather
>> not compile a custom kernel... any tips?
>
> Besides mount_vnd(8), have a look at softraid(4) and bioctl(8) <hint: -c C>.
This is what I have in rc.securelevel:
###
echo "Configuring /home"
TRY=3
while [ $TRY -gt 0 ]; do
bioctl -c C -l /dev/sd0f softraid0
if [ $? -eq 0 ]; then
fsck -p /dev/sd1c \
&& mount -o softdep /dev/sd1c /home
break
fi
let TRY=TRY-1
done
###
sd0f is my RAID slice, sd1 is the disk connected to softraid0 and sd1c
is my /home partition.
I've put all this in rc.securelevel and not rc.local because I use my
default user as recipient for
root mail and if /home is not mounted sendmail, which is started after
rc.securelevel but before
rc.local, cannot deliver correctly as there is no /home/<user> directory.
I think the man page for softraid is clean enough to understand how to
create the encrypted partition.
HTH,
D.
