Yep, since my last mail I set it up on one big encrypted softraid, including the swap and turned off swap encryption and created a key disk on usb instead of a password. Works a lot better now and ZZZ works as it should (any ZZZ issues left are most likely related to not yet supported hardware).
> On 17 May 2015, at 08:08, dan mclaughlin <thev...@openmailbox.org> wrote: > > On Sun, 17 May 2015 04:32:38 +0200 Fredrik Alm <f...@fredrikalm.com> wrote: >>> On 17 May 2015, at 02:19, dan mclaughlin <thev...@openmailbox.org> wrote: >>> >>> On Sun, 17 May 2015 00:20:52 +0200 Fredrik Alm <f...@fredrikalm.com> wrote: >>>> I’ve seen a few “whole disk encryption” >>>> tutorials which puts the swap outside of the partition used for the >>>> softraid >>>> encryption, since openbsd already encrypts the swap partition anyway. I >>>> assume that by putting the swap inside the encrypted partition, there will >>>> be performance penalties because encryption is done twice? could someone >>>> shed a little light on this issue? >>>> >>> >>> where did you see those tutorials? i attempted this some months ago (6-7) >>> and >>> it was not possible to have swap outside of the softraid. i forget what the >>> exact problem was (i should have taken better notes...). i believe the >>> system wouldn't boot properly, and i think it was because the swap partition >>> was on a different device. >>> >>> in the end i found it easier to just leave it all in the softraid for other >>> reasons in addition to that issue. as to swap encryption, i disabled it. no >>> need to encrypt twice. >> >> this is one of the tutorials: http://www.bsdnow.tv/tutorials/fde >> >> I found that when the swap was on a different disk >> (sd0b instead of sd1b, with the rest of the encrypted stuff on the softraid >> disk) >> the swap had to be added manually to the fstab and even then it was >> defaulted to /dev/sdb1 (which didn’t exist) for coredumps. I assume this is >> why ZZZ exited with a kernel error instead of hibernating when I tried this >> disklayout. When I just put everything including the swap on the softraid it >> worked like normal. I’ll just try turning the swap encryption off then, seems >> easier than reconfiguring the kernel to use sd0b as a dump device. >> > > your experience sounds familiar (swap expected to be on the root device), > and is why i think i abandoned the attempt to put the swap outside the > partition. though i am pretty sure i had problems right at boot, not later. > > honestly though, i don't know how the guy who wrote that tutorial got it to > work (if in fact he did...), i remember it being completely unworkable. i > think the only option was to rebuild the kernel, as you said, which really > isn't an option. > > also, those instructions to use bioctl will only work if there has not been > a softraid crypto volume there previously. you need to clear the space via > dd as in bioctl(8).