NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: NetBSD 10 RFE (ramdisk-cgdroot.fs in boot.cfg)



I am not interested in using Linux. I would like to setup Root Filesystem Encryption (unlock using passphrase) during boot. The man pages are out of date and unfortunately not helpful (https://wiki.netbsd.org/security/cgdroot/).

-Arvind




On Apr 29, 2024, at 3:57 PM, Lucifer <renegade6969666%gmail.com@localhost> wrote:

i dont fully understand

On Mon, Apr 29, 2024, 3:12 PM Arvind <arvind%protonmail.id@localhost> wrote:
Sure, was just using the linux remote unlock as an example of what we’re trying to get configured (after encrypting the root partition with passphrase unlock). Any help from the group would be much appreciated.

-Arvind




On Apr 29, 2024, at 2:57 PM, Lucifer <renegade6969666%gmail.com@localhost> wrote:

i recommend against third party for mission critical.

stay away from Linux.

On Mon, Apr 29, 2024 at 2:55 PM Arvind <arvind%protonmail.id@localhost> wrote:
The backup files themselves will be encrypted.

-Arvind




On Apr 29, 2024, at 2:53 PM, Lucifer <renegade6969666%gmail.com@localhost> wrote:

i find it interesting that you do not encrypt the backup...

On Mon, Apr 29, 2024 at 10:10 AM Arvind <arvind%protonmail.id@localhost> wrote:
Hi friends, hoping someone might be able to help or point in the right direction. We have a NetBSD 10 machine that requires Root Filesystem Encryption (unlock using passphrase) during boot. The man pages are out of date and unfortunately not helpful (https://wiki.netbsd.org/security/cgdroot/).

We are using UEFI/GPT. We have a boot partition but also another user defined partition (/backups) that is not encrypted.

Once configured, would also like to add remote ssh unlock using something like Dropbear. This is the equivalent on the Linux platform(s): https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux 

-Arvind






--



--




Home | Main Index | Thread Index | Old Index