On Sun, 17 May 2015 04:32:38 +0200 Fredrik Alm <f...@fredrikalm.com> wrote:
> > On 17 May 2015, at 02:19, dan mclaughlin <thev...@openmailbox.org> wrote:
> > 
> > On Sun, 17 May 2015 00:20:52 +0200 Fredrik Alm <f...@fredrikalm.com> wrote:
> >> I’ve seen a few “whole disk encryption”
> >> tutorials which put the swap outside of the partition used for the softraid
> >> encryption, since OpenBSD already encrypts the swap partition anyway. I
> >> assume that by putting the swap inside the encrypted partition, there will
> >> be performance penalties because encryption is done twice? Could someone
> >> shed a little light on this issue?
> >> 
> > 
> > where did you see those tutorials? i attempted this some months ago (6-7) and
> > it was not possible to have swap outside of the softraid. i forget what the
> > exact problem was (i should have taken better notes...). i believe the
> > system wouldn't boot properly, and i think it was because the swap partition
> > was on a different device.
> > 
> > in the end i found it easier to just leave it all in the softraid for other
> > reasons in addition to that issue. as to swap encryption, i disabled it. no
> > need to encrypt twice.
> 
> this is one of the tutorials: http://www.bsdnow.tv/tutorials/fde
> 
> I found that when the swap was on a different disk
> (sd0b instead of sd1b, with the rest of the encrypted stuff on the softraid disk)
> the swap had to be added manually to the fstab and even then it was
> defaulted to /dev/sdb1 (which didn’t exist) for coredumps. I assume this is
> why ZZZ exited with a kernel error instead of hibernating when I tried this
> disk layout. When I just put everything including the swap on the softraid it
> worked like normal. I’ll just try turning the swap encryption off then, seems
> easier than reconfiguring the kernel to use sd0b as a dump device.
> 

your experience sounds familiar (swap expected to be on the root device),
and is why i think i abandoned the attempt to put the swap outside the
partition. though i am pretty sure i had problems right at boot, not later.

honestly though, i don't know how the guy who wrote that tutorial got it to
work (if in fact he did...), i remember it being completely unworkable. i
think the only option was to rebuild the kernel, as you said, which really
isn't an option.

also, those instructions to use bioctl will only work if there has not been
a softraid crypto volume there previously. you need to clear the space via
dd as in bioctl(8).
