stonee%Safe-mail.net@localhost wrote:
Is full disk encryption possible under NetBSD? I've seen the article using the CGD driver (http://www.netbsd.org/docs/guide/en/chap-cgd.html), but there is not mention of encrypting the root file system. I'd imagine that this is possible coupled with the package mklivecd.
Yes, you can do it using the sysctl init.root. However, be warned that it does not work for me any longer (when I ran i386 it worked, with amd64 it does not), though it works for others. I get a really flakey behavior (there's a PR on it). Someone suggested that it may be a permissions problem, but I've tested that theory, and it didn't change anything.
As time permits, I'm trying to find a solution where one can hardcode CGD parameters in the kernel configuration file, and specify a cgd-device as a boot device. That way you wouldn't need to create a ramfs.
-- Kind regards, Jan Danielsson
Attachment:
signature.asc
Description: OpenPGP digital signature