On Sun, Mar 08, 2026 at 11:00:10AM +0000, Crystal Kolipe wrote: > On Sat, Mar 07, 2026 at 07:35:43PM -0600, Tim Chase wrote: > > On 2026-03-07 17:38, Theo de Raadt wrote: > > > Placing a softraid key disk on top of a vnd doesn't make sense. > > > > It allows unlocking a primary drive with a password, availing the > > keyfile/key"disk" that then unlocks subsequent disks (rather than > > needing to enter a password for each of the subsequent disks). > > You can easily do this without vnd. > > Just FDE the boot disk, store passphrases for each of the subsequent disks in > files in /etc/, and modify /etc/rc to attach those disks immediately before > rc calls fsck. >
^^ this. Been doing that for years.
