On 2017-02-03 21:58, Stefan Sperling wrote:
On Fri, Feb 03, 2017 at 09:10:41PM +0800, Tinker wrote:
On 2017-02-03 21:03, Stefan Sperling wrote:
> On Fri, Feb 03, 2017 at 08:03:09PM +0800, Tinker wrote:
> > Hi,
> >
> > I have a OpenBSD 6.0 GENERIC.MP system set up as follows:
> >
> > * sd0 is a physical harddrive. It has a "b" partition for swap, and
> > an "a"
> > partition for a softraid. The softraid is represented by sd1 .
> >
> > * sd1 is the softraid. It has some UFS partitions (a, d, etc.).
> > Importantly, it has no swap partitoin (which, if it would have
> > existed,
> > would have been named "b" by convention), as the system's swap is on
> > sd0
> > already.
> >
> > To the best of my awareness this is a conventional and intended
> > OpenBSD
> > setup.
>
> No, the convention is to put swap onto the root disk.
But.. isn't "sd0" the what you call the "root disk" in this case?
The "root disk" is the one where the kernel finds the root filsystem,
for example: root on sd2a (6189a72b022271e5.a) swap on sd2b dump on
sd2b
Aha interesting.
Well, so, efficiency would be my only point of hesitation in this case,
and that leads us naturally to this point:
Also, if I would have put the swap on "sd1", then its contents would
be
encrypted doubly. Isn't that a bit wasteful.
Not at all. Swap encryption and disk encryption serve different
purposes.
Swap crypto keys are discarded when the system resets to make residual
data in swap unrecoverable.
I knew that swap crypto is enabled by default.
I thought that, if you put your swap disk on a crypto softraid, then,
you get a *sandwhiched* double crypto - both the swap crypto *and* the
softraid crypto, so double work?
Isn't that the case, so that it would be wasteful to have the swap on
the crypto sofraid for that reason?
Anyhow, ok if this is the case then thank you very much for
highlighting it.
Is the fact that this is the convention declared or reflected anywhere
else
(than in the fact that 'savecore' breaks if you not follow it)?
I don't know if this is specifically written down anywhere.
