[email protected] (Grégoire Jadi), 2021.01.30 (Sat) 11:03 (CET):
> Joe Nelson <[email protected]> writes:
>
> > Second, how do I get the OS to prompt me during startup for a
> > passphrase, and mount the encrypted drive? (It's not the primary drive
> > with the OS on it, which seems nonstandard.)
>
> Check out rc(8), in particular rc.local.
>
> I've used something like:
>
> echo 'adding encrypted home partition'
> bioctl -c C -l ENCRYPTED_UID.k softraid0 && \
> fsck DECRYPTED_UID.a && \
> mount /home
>
> Could be improved with a loop to retry in case you mistype the
> passphrase.

This is just another suggestion...

If you run xenodm(1) you can put the following in
/etc/X11/xenodm/Xsetup_0:

    ssh-askpass "Pass for disk" | bioctl -s -c C -l \
        DUID.slice softraid0

hotplugd(8) is your friend for automatically fscking and mounting the
softraid(4) crypt partitions.

If you do not run xenodm/X11 then Grégoire's hint would fit, but
interrupt your boot process; alternatively you can abuse ttys(5)
by changing a line like, for instance, this:

    ttyC5 "/etc/ttymenu.getty" vt220 on secure

"/etc/ttymenu.getty" could look like this:

    TERM=vt220 /etc/ttymenu < /dev/$1 > /dev/$1

"/etc/ttymenu" is a script of your liking.
You have to switch to ttyC5 to enter your passphrase.
rc.local(8) can take you there, via "wsconsctl display.focus=4".

If you want your $HOME encrypted, I'd recommend two slices on $BIGDRIVE.
One smaller (in my case 5GB) for $HOME and a huge one for a sub
directory of $HOME that holds your data (but *always* listen to Nick's
partition/slice size advice!).

The purpose of this separation is quicker access to your $HOME in case of an
unclean shutdown. $HOME gets fsck'ed quickly and you can log in. fsck on
$BIGSLICE will take a while...

Marcus
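
Added example, not part of the thread or of either poster's setup: the retry loop suggested in the quoted rc.local snippet, bounded so that a mistyped passphrase cannot hold up boot indefinitely. CRYPT_DUID, PLAIN_DUID, MAX_TRIES and the function name unlock_home are assumptions; the bioctl, fsck and mount invocations are the ones from the quoted snippet.

```sh
#!/bin/sh
# Added example for /etc/rc.local: attach the softraid crypto volume with a
# bounded number of passphrase attempts, then fsck and mount /home.
# The DUID values below are placeholders, as in the thread.

CRYPT_DUID=${CRYPT_DUID:-ENCRYPTED_UID}  # disk holding the RAID slice (.k)
PLAIN_DUID=${PLAIN_DUID:-DECRYPTED_UID}  # volume that appears once attached
MAX_TRIES=${MAX_TRIES:-3}                # assumed limit; boot continues after it

unlock_home() {
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        tries=$((tries + 1))
        echo "adding encrypted home partition (attempt $tries of $MAX_TRIES)"
        # bioctl asks for the passphrase itself and exits non-zero when the
        # volume could not be attached, which is what the retry keys on.
        if bioctl -c C -l "${CRYPT_DUID}.k" softraid0; then
            # The volume is attached: a failure from here on is not a
            # passphrase problem, so report it instead of prompting again.
            fsck "${PLAIN_DUID}.a" || return 2
            mount /home || return 3
            return 0
        fi
    done
    echo "encrypted home not attached after $MAX_TRIES attempts" >&2
    return 1
}

# In /etc/rc.local, call the function and let boot continue either way:
#   unlock_home || echo "continuing without /home"
```

The distinct return codes (1 for exhausted attempts, 2 for fsck, 3 for mount) let rc.local log why /home is missing without re-prompting for a passphrase that was already accepted.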