On 2016-04-28 09:21, Pau Amaro-Seoane wrote:
> Dear all:
>
> I am following the instructions given in the OpenBSD site [1] and I
> have one question. If my drive (sd0) has a linux installation on it,
> when I get to the encryption part of the installation process:
>
> dd if=/dev/random of=/dev/sd0c bs=1m
>
> (1) Will this overwrite the linux partition? This is /dev/sd0i in my
> case (I think, I'm writing from the top of my head)

It will overwrite the Master Boot Record (MBR) which lives in the first
sector of the drive.  While the Linux partition will still be on disk,
its location will be lost and it will no longer be bootable.  This is
likely something you don't want to do.

Those instructions are for *FULL* disk encryption.  Multibooting using
a shared drive with MBR (or GPT) partitioning cannot be used with it.

If you want Full Disk Encryption with two operating systems, use two
disk drives.

Partial disk encryption is possible, but the Project doesn't have a
published "howto" with step-by-step instructions.  You can, for example,
configure an encrypted /home partition.  But I don't recommend this
if you are brand new to the OS.  It's easy, but you first need a very
clear understanding of partitioning in OpenBSD, and the tools you would
use for provisioning: disklabel(8), fstab(5), rc.local(5), bioctl(8),
and softraid(4).

> (2) After that, I would like to have separate partitions for X,
> /usr/local/bin etc but I am afraid that these become too small in the
> next release when I upgrade the system. How bad would it be to only
> have a / and a swap partition (a and b)? I am just afraid that I end
> up next time having to repeat the whole encryption process, which is
> very time consuming...

Aside from the management and security issues inherent in a large
single filesystem, it is possible to create or later update to an
unbootable system, depending on your hardware and the location of
boot blocks on the drive.  OpenBSD uses BIOS I/O services for booting,
and this can limit the addressable range of sectors on a hard drive
during boot.  With a low-address range for the root partition where
boot blocks are stored, this is not a problem.  With a giant root
partition, this may be a problem or may become a problem later.  It
depends entirely on where the boot blocks are stored (the i386/amd64
second stage boot loader, stored in the file /boot) and the specific
limitations of the BIOS on your motherboard.
_______________________________________________
Openbsd-newbies mailing list
Openbsd-newbies@sfobug.theapt.org
http://mailman.theapt.org/listinfo/openbsd-newbies
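
Added example (not part of the original thread, and not OpenBSD project code): the reply's first point is that the MBR partition table lives in the first sector of the drive, so a write that starts at the beginning of the whole-disk device destroys the record of where each partition begins. The Python sketch below parses a constructed MBR sector (the partition offsets and sizes are made-up sample values, and the function names are hypothetical) and shows that the table can no longer be read once that sector is overwritten.

```python
import os
import struct

SECTOR = 512
TABLE_OFFSET = 446           # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"      # last two bytes of a valid MBR sector
ENTRY = "<B3sB3sII"          # status, CHS start, type, CHS end, LBA start, sector count
TYPES = {0x83: "Linux", 0xA6: "OpenBSD"}

def build_mbr(entries):
    """Build an MBR sector from (type, start_lba, sector_count) tuples."""
    sector = bytearray(SECTOR)
    for i, (ptype, start, count) in enumerate(entries):
        off = TABLE_OFFSET + 16 * i
        sector[off:off + 16] = struct.pack(ENTRY, 0, b"\0" * 3, ptype, b"\0" * 3, start, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)

def parse_mbr(sector):
    """Return [(name, start_lba, sector_count)], or None if this is not a valid MBR."""
    if len(sector) != SECTOR or sector[510:512] != SIGNATURE:
        return None
    found = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        _, _, ptype, _, start, count = struct.unpack(ENTRY, sector[off:off + 16])
        if ptype != 0:       # type 0 marks an unused slot
            found.append((TYPES.get(ptype, hex(ptype)), start, count))
    return found

def overwrite_start(disk, nbytes, filler=os.urandom):
    """Model a dd-style write of nbytes beginning at offset 0 of the whole-disk device."""
    n = min(nbytes, len(disk))
    return filler(n) + disk[n:]

# Constructed sample disk image: one MBR sector followed by seven empty sectors.
SAMPLE_DISK = build_mbr([(0xA6, 64, 2048), (0x83, 2112, 4096)]) + bytes(SECTOR * 7)

if __name__ == "__main__":
    print("before:", parse_mbr(SAMPLE_DISK[:SECTOR]))
    wiped = overwrite_start(SAMPLE_DISK, SECTOR)
    # Random data almost never ends in 55 AA, so this normally prints None.
    print("after: ", parse_mbr(wiped[:SECTOR]))
```

Saving a copy of the first sector before any such write is what makes the old table recoverable.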
