On Wed, May 25, 2016 at 07:35:04PM +0200, Robert Campbell wrote:
> https://www.openbsd.org/faq/faq14.html#softraid
>
> In the FAQ > Disk Setup > Full Disk Encryption section there are these
> lines after the encrypted drive has been set up:
>
> > As in the previous example, we'll overwrite the first megabyte of our
> > new pseudo-device.
> >
> > # dd if=/dev/zero of=/dev/rsd0c bs=1m count=1
>
> Why?
>
> It isn't clear to me why I'd want to do this. It's clear in the referenced
> "previous example" why you'd want actual random data to surround the
> random-looking encrypted data to obscure its presence/boundary.
>
From http://man.openbsd.org/bioctl.4:

    After creating a newly encrypted disk, the first megabyte of it
    should be zeroed, so tools like fdisk(8) or disklabel(8) don't get
    confused by the random data that appears on the new disk. This can
    be done with the following command (assuming the new disk is sd3):

        # dd if=/dev/zero of=/dev/rsd3c bs=1m count=1

The "previous example" alluded to refers to "installing to a mirror",
more precisely this section:

    Because the new device probably has a lot of garbage where you
    expect a master boot record and disklabel, zeroing the first chunk
    of it is highly recommended. Be very careful with this command;
    issuing it on the wrong device could lead to a very bad day. This
    assumes that the new softraid device was created as sd0.

        # dd if=/dev/zero of=/dev/rsd0c bs=1m count=1

This could probably be made a bit clearer.
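
A check to run before and after the dd step discussed in this thread, as an added example that is not part of the original messages or the OpenBSD documentation: it reports whether the first megabyte of a device or image is all zeroes, carries an MBR boot signature, or holds other non-zero data. The function name `first_mb_state` and the image file it builds are made up for illustration.

```shell
#!/bin/sh
# Added example: classify the first megabyte of a disk or disk image.
# Prints one of:
#   zeroed  - every byte in the first 1 MiB is NUL (state after the dd step)
#   mbr     - sector 0 ends with the MBR boot signature 55 aa
#   garbage - non-zero data, no boot signature (e.g. a fresh crypto volume)

first_mb_state() {
    target=$1

    # Read 2048 whole sectors (1 MiB) so this also works on raw devices,
    # drop NUL bytes, and count what is left.
    nonzero=$(dd if="$target" bs=512 count=2048 2>/dev/null |
        tr -d '\000' | wc -c | tr -d ' ')
    if [ "$nonzero" -eq 0 ]; then
        echo zeroed
        return 0
    fi

    # Bytes 510-511 of the first sector hold the MBR boot signature.
    sig=$(dd if="$target" bs=512 count=1 2>/dev/null |
        od -An -tx1 -j510 -N2 | tr -d ' \n')
    if [ "$sig" = "55aa" ]; then
        echo mbr
    else
        echo garbage
    fi
}

# With an argument, classify it. Without one, run on a constructed image
# that stands in for the new pseudo-device (sample data, not a real disk).
if [ $# -gt 0 ]; then
    first_mb_state "$1"
else
    tmp=$(mktemp -d)
    dd if=/dev/zero of="$tmp/vol.img" bs=512 count=4096 2>/dev/null
    printf 'not-a-label' |
        dd of="$tmp/vol.img" bs=1 seek=64 conv=notrunc 2>/dev/null
    echo "before zeroing: $(first_mb_state "$tmp/vol.img")"
    # Same operation as the FAQ command, expressed in 512-byte sectors.
    dd if=/dev/zero of="$tmp/vol.img" bs=512 count=2048 conv=notrunc 2>/dev/null
    echo "after zeroing:  $(first_mb_state "$tmp/vol.img")"
    rm -rf "$tmp"
fi
```

On OpenBSD the argument would be the raw device from the thread, for example `first_mb_state /dev/rsd0c`. An `mbr` result before zeroing is only a heuristic hint that the target may be a disk already in use rather than the new softraid volume.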

