crypto:openbsd
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revisionNext revisionBoth sides next revision | ||
crypto:openbsd [2015-03-07 14:21] – created gabriel | crypto:openbsd [2015-03-07 14:58] – [Encrypting the Filesystem] fixing links gabriel | ||
---|---|---|---|
Line 6: | Line 6: | ||
I store secret keys on this VM image so I would like the filesystem to be encrypted to that it is not easily accessible if somebody gets a copy of the VMDK files. | I store secret keys on this VM image so I would like the filesystem to be encrypted to that it is not easily accessible if somebody gets a copy of the VMDK files. | ||
+ | |||
+ | More detail is available here: http:// | ||
+ | |||
+ | I skimmed through these tutorials as well before deciding how I wanted to do this: | ||
+ | |||
+ | * http:// | ||
+ | * http:// | ||
Here are some terse instructions for making this work: | Here are some terse instructions for making this work: | ||
<code bash> | <code bash> | ||
- | Test | + | ## these instructions assume you're using SCSI disks |
+ | ## modify the device names as needed (e.g.: wd instead of sd for ATA) | ||
+ | fdisk -iy sd0 | ||
+ | disklabel -E sd0 # enter the label editor | ||
+ | |||
+ | ## these commands are run at the label editor prompt, not the shell | ||
+ | # set up a 1GB swap partition (OpenBSD encrypts swap by default | ||
+ | # so we can exclude it from our crypto RAID) | ||
+ | > a b | ||
+ | offset: [64] | ||
+ | size [10474316] 1g | ||
+ | Rounding size to cylinder (16065 sectors): 2104451 | ||
+ | FS type: [swap]: | ||
+ | > a a | ||
+ | offset: [2104515] | ||
+ | size: [31439205] * | ||
+ | FS type: [4.2BSD] RAID | ||
+ | > w | ||
+ | > q | ||
+ | No label changes. | ||
+ | |||
+ | ## now create the softraid crpyto volume | ||
+ | bioctl -c C -l /dev/sd0a softraid0 | ||
+ | # enter your passphrase for the volume | ||
+ | # you should see " | ||
+ | exit | ||
+ | |||
+ | ## you can complete the install as usual now on sd1 | ||
</ | </ | ||
+ | |||
+ | ===== Notes ===== | ||
+ | |||
+ | If you want to find the hardware names of your disks you can use: sysctl hw.disknames |
crypto/openbsd.txt · Last modified: 2019-08-10 14:42 by gabriel