encrypting fs

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

encrypting fs

Friedrich Locke
Hi folks,

I have a doubt related to fs encryption.
May i encrypt the wd0c file system partition and have the sd0 disk fully
encrypted for any one partition like a, d e f .... ?

Thanks in advance.

Reply | Threaded
Open this post in threaded view
|

Re: encrypting fs

Gregor Best-2
On Wed, Jun 29, 2016 at 05:39:48PM -0300, Friedrich Locke wrote:
> [...]
> I have a doubt related to fs encryption.
> May i encrypt the wd0c file system partition and have the sd0 disk
> fully encrypted for any one partition like a, d e f .... ?
> [...]

OpenBSD does support Full Disk Encryption, yes. You'd create a partition
of type RAID on wd0c, spanning the whole disk. Then set that up as a
softraid crypto disk and install OpenBSD on the sd device that appears
after attaching the softraid. [0] has further details.

[0]: https://www.openbsd.org/faq/faq14.html#softraidFDE

--
        Gregor

Reply | Threaded
Open this post in threaded view
|

Re: encrypting fs

Philip Guenther-2
On Wed, Jun 29, 2016 at 2:47 PM, Gregor Best <[hidden email]> wrote:
> On Wed, Jun 29, 2016 at 05:39:48PM -0300, Friedrich Locke wrote:
>> [...]
>> I have a doubt related to fs encryption.
>> May i encrypt the wd0c file system partition and have the sd0 disk
>> fully encrypted for any one partition like a, d e f .... ?
>> [...]
>
> OpenBSD does support Full Disk Encryption, yes. You'd create a partition
> of type RAID on wd0c

NOOOOOOOOOOOOOOOOOO.  NEVER THE 'c' PARTITION!


> [0]: https://www.openbsd.org/faq/faq14.html#softraidFDE

The directions at that link are correct...and have you create a
partition of type RAID as the 'a' partition.


Philip Guenther

Reply | Threaded
Open this post in threaded view
|

Re: encrypting fs

Gregor Best-2
On Wed, Jun 29, 2016 at 02:53:57PM -0700, Philip Guenther wrote:

> On Wed, Jun 29, 2016 at 2:47 PM, Gregor Best <[hidden email]> wrote:
> > On Wed, Jun 29, 2016 at 05:39:48PM -0300, Friedrich Locke wrote:
> >> [...]
> >> I have a doubt related to fs encryption.
> >> May i encrypt the wd0c file system partition and have the sd0 disk
> >> fully encrypted for any one partition like a, d e f .... ?
> >> [...]
> >
> > OpenBSD does support Full Disk Encryption, yes. You'd create a partition
> > of type RAID on wd0c
>
> NOOOOOOOOOOOOOOOOOO.  NEVER THE 'c' PARTITION!
>
>
> > [0]: https://www.openbsd.org/faq/faq14.html#softraidFDE
>
> The directions at that link are correct...and have you create a
> partition of type RAID as the 'a' partition.
> [...]

Right, that's what I meant by 'create a partition on wd0c'. Should've
proof read that before I sent it, thanks for the clarification.

>
> Philip Guenther
>

--
        Gregor
--

The problem with people who have no vices is that generally you can be
pretty sure they're going to have some pretty annoying virtues.
                -- Elizabeth Taylor