On Sun, Jan 31, 2021 at 12:06:37PM +0100, Stefan Sperling wrote:
On Sun, Jan 31, 2021 at 11:47:04AM +0100, Stefan Sperling wrote:
In general, crypto softraid volumes don't auto-assemble.
I forgot that softraid volumes that use a key disk instead of a
passphrase will auto-assemble. Have you already tried that?
A disklabel slice on the USB key could act as a key disk for
the encrypted volume on the internal disk.
Thanks, that's a very interesting idea, I will try that and let you
know.
Looking thru the manpages, I don't see any provision for adding AND / OR
logic to keys (e.g require both passphrase AND keydisk to boot, require
passphrase OR keydisk, etc) the way Linux cryptsetup provides, at least,
OR-logic across multiple keyslots.
(Having multiple keyslots on an encrypted volume has saved me a few
times!)
Is there anything like this in OpenBSD?
