crypto:openbsd
Differences
This shows you the differences between two versions of the page.
crypto:openbsd [2015-03-07 14:21] – created gabriel | crypto:openbsd [2019-08-10 14:42] (current) – title gabriel | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== OpenBSD ====== | ||
+ | |||
I use an OpenBSD virtual host (VMware guest) for certain cryptography requirements (managing the Quay x509 Root CA, some gpg uses). | I use an OpenBSD virtual host (VMware guest) for certain cryptography requirements (managing the Quay x509 Root CA, some gpg uses). | ||
Line 6: | Line 8: | ||
I store secret keys on this VM image so I would like the filesystem to be encrypted to that it is not easily accessible if somebody gets a copy of the VMDK files. | I store secret keys on this VM image so I would like the filesystem to be encrypted to that it is not easily accessible if somebody gets a copy of the VMDK files. | ||
+ | |||
+ | More detail is available here: http:// | ||
+ | |||
+ | I skimmed through these tutorials as well before deciding how I wanted to do this: | ||
+ | |||
+ | * http:// | ||
+ | * http:// | ||
Here are some terse instructions for making this work: | Here are some terse instructions for making this work: | ||
<code bash> | <code bash> | ||
- | Test | + | ## these instructions assume you're using SCSI disks |
+ | ## modify the device names as needed (e.g.: wd instead of sd for ATA) | ||
+ | fdisk -iy sd0 | ||
+ | disklabel -E sd0 # enter the label editor | ||
+ | |||
+ | ## these commands are run at the label editor prompt, not the shell | ||
+ | # set up a 1GB swap partition (OpenBSD encrypts swap by default | ||
+ | # so we can exclude it from our crypto RAID) | ||
+ | > a b | ||
+ | offset: [64] | ||
+ | size [10474316] 1g | ||
+ | Rounding size to cylinder (16065 sectors): 2104451 | ||
+ | FS type: [swap]: | ||
+ | > a a | ||
+ | offset: [2104515] | ||
+ | size: [31439205] * | ||
+ | FS type: [4.2BSD] RAID | ||
+ | > w | ||
+ | > q | ||
+ | No label changes. | ||
+ | |||
+ | ## now create the softraid crpyto volume | ||
+ | bioctl -c C -l /dev/sd0a softraid0 | ||
+ | # enter your passphrase for the volume | ||
+ | # you should see " | ||
+ | exit | ||
+ | |||
+ | ## you can complete the install as usual now on sd1 | ||
</ | </ | ||
+ | |||
+ | ===== Notes ===== | ||
+ | |||
+ | If you want to find the hardware names of your disks you can use: '' |
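Review bot: the closing comment of the code block, "## you can complete the install as usual now on sd1", hardcodes the device name of the new crypto volume, even though the top of the block tells readers to modify device names as needed. The volume only shows up as sd1 when sd0 is the sole existing sd device; on a guest with more disks attached, following this line would put the install on a different, unencrypted disk. Suggest rewording it to say "install onto the device that bioctl reported" and tying it to the "you should see" comment two lines earlier. Two smaller points in the same block: "fdisk -iy sd0" reinitialises the MBR on sd0 without asking for confirmation, which deserves a one-line comment, and "crpyto" in the softraid comment is a typo.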
crypto/openbsd.1425756099.txt.gz · Last modified: 2015-03-07 14:21 by gabriel