What is the best method to harden OpenBSD in a diskless mode?
I am going to use Librebooted X86 amd64 + Linux for a ZFS host, in a very minimum config like: https://dev1galaxy.org/viewtopic.php?pid=21098#p21098 short (30-50cm) direct dedicated Ethernet cable between Orange PI ONE and X86 host, a firewall on both hosts which allows only a single connection of NFS from a single specific corresponding IP address. X86 booted from ROM or from a very old SD card or even from a floppy (grub4dos). Everything which can be encrypted (actually only against disk firmwares) is encrypted by luks: system, ZFS pool devs, etc. What can be improved? >> OpenBSD can run diskless but not sure if it works well, that depends on >> your workload and opinion. > >OpenBSD works "well" as a diskless system (see diskless(8)). The value >of "well" depends on your expectations. I don't run any of my OpenBSD >systems with a graphical UI, for example, and I don't need super fast >disk access to edit files or read my email. > >-- >Andreas (Kusalananda) Kähäri >SciLifeLab, NBIS, ICM >Uppsala University, Sweden > >.
