Full disk encryption Titanium PowerBook G4

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Full disk encryption Titanium PowerBook G4

Scott C. MacCallum
Good morning,

I have a Titanium PowerBook G4 and I'd like to do full disk encryption before the installation of 6.6. I've referenced: https://www.openbsd.org/faq/faq14.html#softraidFDE and https://ftp.openbsd.org/pub/OpenBSD/6.6/macppc/INSTALL.macppc, making device changes where I think it's appropriate, but after installation I got the infamous blinking Mac folder.

I've since successfully installed 6.6 without full disk encryption, so I suspect my failure is a result of picking a correct Open Firmware device-specifier.

Has anyone had success with this?

Scott
Reply | Threaded
Open this post in threaded view
|

Re: Full disk encryption Titanium PowerBook G4

Gao-Mi Baohao
Scott:

The last time I messed with it, booting from crypto softraid was not
supported on macppc (only i386, amd64, and sparc64).  The man page for
softraid ( https://man.openbsd.org/softraid.4 ) seems to confirm that this
is still the case.

It looks like the openbsd macppc loader simply does not support softraid
volumes at this time.

Most recently, when I was looking for something similar on an aluminum g4
powerbook, I ended up just doing an encrypted home slice, unlocked at boot
from rc.local (for example, see http://astro-gr.org/openbsd-encrypt-home/ ).

On Tue, Jan 28, 2020, 9:57 AM Scott C. MacCallum <[hidden email]>
wrote:

> Good morning,
>
> I have a Titanium PowerBook G4 and I'd like to do full disk encryption
> before the installation of 6.6. I've referenced:
> https://www.openbsd.org/faq/faq14.html#softraidFDE and
> https://ftp.openbsd.org/pub/OpenBSD/6.6/macppc/INSTALL.macppc, making
> device changes where I think it's appropriate, but after installation I got
> the infamous blinking Mac folder.
>
> I've since successfully installed 6.6 without full disk encryption, so I
> suspect my failure is a result of picking a correct Open Firmware
> device-specifier.
>
> Has anyone had success with this?
>
> Scott
Reply | Threaded
Open this post in threaded view
|

Re: Full disk encryption Titanium PowerBook G4

Scott C. MacCallum
Gao-Mi:

Thanks for your response. It makes me feel better to know that the failure wasn't my doing. Thank you for sharing the encrypted home slice resource. I'm looking forward to giving that a shot.

Scott

Sent with [ProtonMail](https://protonmail.com) Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, January 28, 2020 10:38 AM, Gao-Mi Baohao <[hidden email]> wrote:

> Scott:
>
> The last time I messed with it, booting from crypto softraid was not supported on macppc (only i386, amd64, and sparc64).  The man page for softraid ( https://man.openbsd.org/softraid.4 ) seems to confirm that this is still the case.
>
> It looks like the openbsd macppc loader simply does not support softraid volumes at this time.
>
> Most recently, when I was looking for something similar on an aluminum g4 powerbook, I ended up just doing an encrypted home slice, unlocked at boot from rc.local (for example, see http://astro-gr.org/openbsd-encrypt-home/ ).
>
> On Tue, Jan 28, 2020, 9:57 AM Scott C. MacCallum <[hidden email]> wrote:
>
>> Good morning,
>>
>> I have a Titanium PowerBook G4 and I'd like to do full disk encryption before the installation of 6.6. I've referenced: https://www.openbsd.org/faq/faq14.html#softraidFDE and https://ftp.openbsd.org/pub/OpenBSD/6.6/macppc/INSTALL.macppc, making device changes where I think it's appropriate, but after installation I got the infamous blinking Mac folder.
>>
>> I've since successfully installed 6.6 without full disk encryption, so I suspect my failure is a result of picking a correct Open Firmware device-specifier.
>>
>> Has anyone had success with this?
>>
>> Scott
Reply | Threaded
Open this post in threaded view
|

Re: Full disk encryption Titanium PowerBook G4

Marcus MERIGHI
Hello,

[hidden email] (Scott C. MacCallum), 2020.01.28 (Tue) 18:52 (CET):
> Thank you for sharing the encrypted home slice resource. I'm looking
> forward to giving that a shot.

I'd recommend two slices on the encrypted device. One small one (5GB)
and a large one (in my case 850GB). Make the small one the "a" slice and
the large one the "d" slice. Mount the small one as $HOME, the large one
as $HOME/data (or whatever you like).

This way, if you crash your system and fsck(8) needs to be run, you get
to access your $HOME fast and not only after fsck has finished on the
large slice.

Since your $HOME is now on softraid(4) CRYPTO, you need a way do unlock
your encrypted device *before* log in. What's you plan for that?

Marcus

> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Tuesday, January 28, 2020 10:38 AM, Gao-Mi Baohao <[hidden email]> wrote:
>
> > Scott:
> >
> > The last time I messed with it, booting from crypto softraid was not
> > supported on macppc (only i386, amd64, and sparc64).  The man page
> > for softraid ( https://man.openbsd.org/softraid.4 ) seems to confirm
> > that this is still the case.
> >
> > It looks like the openbsd macppc loader simply does not support
> > softraid volumes at this time.
> >
> > Most recently, when I was looking for something similar on an
> > aluminum g4 powerbook, I ended up just doing an encrypted home
> > slice, unlocked at boot from rc.local (for example, see
> > http://astro-gr.org/openbsd-encrypt-home/ ).
> >
> > On Tue, Jan 28, 2020, 9:57 AM Scott C. MacCallum <[hidden email]> wrote:
> >
> >> Good morning,
> >>
> >> I have a Titanium PowerBook G4 and I'd like to do full disk
> >> encryption before the installation of 6.6. I've referenced:
> >> https://www.openbsd.org/faq/faq14.html#softraidFDE and
> >> https://ftp.openbsd.org/pub/OpenBSD/6.6/macppc/INSTALL.macppc,
> >> making device changes where I think it's appropriate, but after
> >> installation I got the infamous blinking Mac folder.
> >>
> >> I've since successfully installed 6.6 without full disk encryption,
> >> so I suspect my failure is a result of picking a correct Open
> >> Firmware device-specifier.
> >>
> >> Has anyone had success with this?
> >>
> >> Scott