On Mon, Jul 01, 2024 at 10:30:28PM -0700, patrick keshishian wrote:
> 1. How can one verify they remember the passphrase before
> rebooting/shutting down?
If this is a fresh installation, you'll usually want to reboot and check that
everything
went smoothly anyway. If you've already lost the pas
Hello,
For the first time I decided to set up full disk encryption on a new
drive. Process went smoothly!
Anyway, here are two possibly silly questions:
1. How can one verify they remember the passphrase before
rebooting/shutting down?
2. What is the process (steps) to change/update the
I keep a /crypt noauto partition that I mount manually by passphrase via
ssh after the server is booted.
And don't keep 'sensitive' info in other partitions...
On Mon, May 27, 2024 at 11:57 AM <04-psyche.tot...@icloud.com> wrote:
> Thanks all for your thoughts.
>
> Regarding the remote serial co
Thanks all for your thoughts.
Regarding the remote serial console access, unfortunately, it is not
possible in my case.
I do not have IPMI or something similar :(
On Mon, 27 May 2024 at 08:17, Manuel Giraud <
manuel_at_ledu-giraud_fr_rmp93abv53d47h_m6783...@icloud.com> wrote:
> Stefan Kreutz wr
Stefan Kreutz writes:
> Can you access the machine's serial console, maybe redirected over IP?
I concur that a remote serial console access (maybe via a web interface
serviced by your provider) is your best option here.
I used to do (almost) FDE without console access but here is list of
drawba
On Sun, May 26, 2024 at 08:33:59PM +0100, 04-psyche.tot...@icloud.com wrote:
Hi everyone,
Is there any way to use disk encryption without having physical access to the
device?
You could use a USB keydisk (make sure you, and your assistant on the
remote server, have copious backup(s) of
this
On Sun, May 26, 2024 at 08:33:59PM +0100, 04-psyche.tot...@icloud.com wrote:
> Is there any way to use disk encryption without having physical access to
> the device?
Yes, it is possible.
But I think you are talking about full disk encryption and want to enter a
passphrase at the boot
Can you access the machine's serial console, maybe redirected over IP?
On Sun, May 26, 2024 at 08:33:59PM GMT, 04-psyche.tot...@icloud.com wrote:
> Hi everyone,
>
> Is there any way to use disk encryption without having physical access to the
> device?
>
> A few potentia
Hi everyone,
Is there any way to use disk encryption without having physical access to the
device?
A few potential ideas:
- is there a way to enter the encryption passphrase via ssh?
- is there a way to create a non encrypted partition on the same hard drive,
where the keydisk would be stored
It's about private messages.
Kirill A. Korinsky :
> I wonder how did you blacklist someone by IP who sents his emails into
> maillist? By parsing all Received headers to find some bad IP? Or?
On Wed, 06 Mar 2024 10:40:31 +0100,
Daniele B. wrote:
>
> Initially I blacklisted his ip. Then, understood the music, I started to find
> its approaching intriguing.. ;D
>
I wonder how did you blacklist someone by IP who sents his emails into
maillist? By parsing all Received headers to find so
Admitting without psycho guys, heartbreak exchanges, NSA (at least) readers
this mailing list is without pepper.
However, sometimes also the OT of Jan are interesting.
Initially I blacklisted his ip. Then, understood the music, I started to find
its approaching intriguing.. ;D
-Dan
Mar 6, 2024
On 2024-03-06, ofthecentury wrote:
> Who's this psycho Jan Stary telling people new to OpenBSD not to use
> an appropriate public mailing list for legitimate questions?
Sadly some list members are a bit intolerant of things which are
perfectly valid topics for the list.
> Stop poluting the list
Who's this psycho Jan Stary telling people new to OpenBSD not to use
an appropriate public mailing list for legitimate questions?
-- Forwarded message -
From: Jan Stary
Date: Wed, Mar 6, 2024 at 1:26 PM
Subject: Re: Disk encryption cipher
To: ofthecentury
Stop polutin
> > Hi. I cannot find what cipher is used for full
> > disk encryption on OpenBSD. I saw a mention
> > of salting too, but really no specifics on what
> > the encryption algorithm is. Is there somewhere
> > I can read about it? And really, what is the cipher
> >
Den ons 6 mars 2024 kl 07:17 skrev ofthecentury :
>
> Hi. I cannot find what cipher is used for full
> disk encryption on OpenBSD. I saw a mention
> of salting too, but really no specifics on what
> the encryption algorithm is. Is there somewhere
> I can read about it? And r
Hi. I cannot find what cipher is used for full
disk encryption on OpenBSD. I saw a mention
of salting too, but really no specifics on what
the encryption algorithm is. Is there somewhere
I can read about it? And really, what is the cipher
used?
Hello,
I was able to auto-install OpenBSD/amd64 except full disk encryption
(FDE). Is FDE supported in autoinstall?
Thanks much!
Boj
pe
wrote:
>On Wed, Dec 28, 2022 at 09:01:26PM +, Chris wrote:
>> After that however, the bootloader no longer prompts me for the full disk
>> encryption passphrase. Previously it was prompting me for the FDE passphrase
>> before it tried to boot the broken kernel.
>
&g
On Wed, Dec 28, 2022 at 09:01:26PM +, Chris wrote:
> After that however, the bootloader no longer prompts me for the full disk
> encryption passphrase. Previously it was prompting me for the FDE passphrase
> before it tried to boot the broken kernel.
I'm assuming that you only
into install72.img,
decrypted the disk and copied over the 7.2 kernel from sets. The machine was
running -current but I assume the 7.2 kernel would boot it as well. After that
however, the bootloader no longer prompts me for the full disk encryption
passphrase. Previously it was prompting me for
On Mon, Dec 5, 2022, at 12:26 PM, Mare Dedeu wrote:
> Hi,
>
> I recently had to fight with a thinkpad l13 gen 3 to install OpenBSD with
> full disk encryption alongside with linux for blobs like zoom etc. I hope
> somebody else can profit from the effort. It is trivial, I guess,
Hi,
I recently had to fight with a thinkpad l13 gen 3 to install OpenBSD with
full disk encryption alongside with linux for blobs like zoom etc. I hope
somebody else can profit from the effort. It is trivial, I guess, but it
might be helpful for someone.
https://astro-gr.org/openbsd-full
On Wed, Dec 29, 2021 at 05:22:19PM -0500, openbsd-m...@pyr3x.com wrote:
> Hello,
>
> I'm using full disk encryption via the softraid subsystem and bioctl with a
> keydisk. I have a second drive that I'm backing up the root filesystem to
> via ROOTBACKUP=1 and the proper f
We had a VPS customer ask for help on full disk encryption, and since
following the instructions on
https://www.openbsd.org/faq/faq14.html#softraidFDE
did not work with a serial console, we published a blog post on it:
https://prgmr.com/blog/openbsd/2020/05/08/openbsd-encrypted-root.html
I
On Tue, Feb 18, 2020 at 08:05:29AM +0100, Paul de Weerd wrote:
On Tue, Feb 18, 2020 at 05:12:25AM +, Frank Beuth wrote:
| Yes, it's a cool way to combine things to get unexpected functionality.
| I haven't dug into the bootloader much... is there a reasonably easy way
| to get the USB-stick-b
> Are there any downsides though? For example, would resume from
> hibernation still work for such a setup?
It should work with hibernation without any problems, but i did
not test this extensively.
>
> More so, for the less knowledgeable of us, how does this relate to
> UEFI's "Secure Boot"?
Make sure no one has physical access to you machine!
EVER.
Lock it away.
That way no 'Evil Maid' or any one else can access it!
This is not hard.
Why is this a thing?
If someone has physical access to you box then it is Game Over!
All of these fantasy efforts are BS.
Physically secure your hardware
On Mon, Feb 17, 2020 at 04:09:57PM +0100, Julius Zint wrote:
I'm not really in a position to reflash my machine but I would still be
curious for details.
There is no need to reflash your firmware if the system has a integrated
and supported TPM 1.2 chip.
The prototype uses a Static Root of T
On Tue, Feb 18, 2020 at 05:12:25AM +, Frank Beuth wrote:
| Yes, it's a cool way to combine things to get unexpected functionality.
| I haven't dug into the bootloader much... is there a reasonably easy way
| to get the USB-stick-bootloader to boot the hard drive partition by
| default?
Best wa
On Mon, Feb 17, 2020 at 06:44:25PM +0100, Paul de Weerd wrote:
On Mon, Feb 17, 2020 at 01:35:38PM +, Frank Beuth wrote:
| > | This way the evil maid would have nothing to tamper with.
| >
| > Note that with this approach, a default OpenBSD install to your
| > machine will still install a boot
high chance that
the
early boot components are unchanged.
Some feedback from the OpenBSD community on this would also be appreciated. Are
there
enought people interessted in a Trusted Boot with OpenBSD?
That's amazing if you can get it to work without reflashing. Are you
then sealing the disk
On Mon, Feb 17, 2020 at 01:35:38PM +, Frank Beuth wrote:
| > | This way the evil maid would have nothing to tamper with.
| >
| > Note that with this approach, a default OpenBSD install to your
| > machine will still install a bootloader on the physical disk inside
| > your machine. It's then
I’m interested as well.
Jan
On 17 Feb 2020, at 17:10, Kevin Chadwick wrote:
On 2020-02-17 15:09, Julius Zint wrote:
Some feedback from the OpenBSD community on this would also be
appreciated. Are there
enought people interessted in a Trusted Boot with OpenBSD?
I'm interested
On 2020-02-17 15:09, Julius Zint wrote:
> Some feedback from the OpenBSD community on this would also be appreciated.
> Are there
> enought people interessted in a Trusted Boot with OpenBSD?
I'm interested
> I'm not really in a position to reflash my machine but I would still be
> curious for details.
There is no need to reflash your firmware if the system has a integrated
and supported TPM 1.2 chip.
The prototype uses a Static Root of Trust for Measurment (SRTM) approach
where the Chain of Trust
On Mon, Feb 17, 2020 at 11:56:24AM +0100, Paul de Weerd wrote:
But you can already do this. If your machine supports booting from
USB, you can do a minimal install to a USB stick (using FDE, if you
want). Now you have a portable OpenBSD environment you can boot on
any system capable of booting
On Mon, Feb 17, 2020 at 11:13:27AM +0100, Julius Zint wrote:
I recently finished my masterthesis that solves this problem by including
the Trusted Platform Module (TPM) in the bootprocess of OpenBSD.
It extends the Chain of Trust up to boot(8) and allows you to seal a
secret of your choice to th
>>> How do you do this on OpenBSD?
>>@frank: https://www.openbsd.org/faq/faq14.html#softraidFDEkeydisk
>
> That's telling me how to use a keydisk -- how to put the softraid FDE
> encryption key material on a USB disk.
>
> If an evil made came by and got access to my machine, they would still
> be
On Mon, Feb 17, 2020 at 08:50:14AM +, Frank Beuth wrote:
| > > How do you do this on OpenBSD?
| > @frank: https://www.openbsd.org/faq/faq14.html#softraidFDEkeydisk
|
| That's telling me how to use a keydisk -- how to put the softraid FDE
| encryption key material on a USB disk.
|
| If an evil
>
> If an evil made came by and got access to my machine, they would still
> be able to tamper with the bootloader code to harvest the FDE password
> when I returned.
>
> I want to put the whole bootloader (including the code used to decrypt
> the softraid-FDE-encrypted root-partition-containin
On Sat, Feb 15, 2020 at 12:22:02PM +0100, no@s...@mgedv.net wrote:
>depends what you want to achieve, but my recommendation is booting from
USB
>and mount encrypted root from the HDD.
>you can safely remove the usb key after root mount and all your
configs/etc
>files are used from the encrypted
> >depends what you want to achieve, but my recommendation is booting from
> USB
> >and mount encrypted root from the HDD.
> >you can safely remove the usb key after root mount and all your
configs/etc
> >files are used from the encrypted storage.
> >this ensures 2 things: bootloader + kernel on US
On Thu, Feb 13, 2020 at 01:31:43PM +0100, no@s...@mgedv.net wrote:
depends what you want to achieve, but my recommendation is booting from USB
and mount encrypted root from the HDD.
you can safely remove the usb key after root mount and all your configs/etc
files are used from the encrypted stora
no@s...@mgedv.net(nos...@mgedv.net) on 2020.02.13 13:31:43 +0100:
> > > On Linux you can do the following:
> > > { [1MB unencrypted GRUB bootloader partition] [Rest of hard drive
> entirely encrypted] }
> ... which i would consider to be as insecure, as unencrypted root at all.
... which totaly de
> > On Linux you can do the following:
> > { [1MB unencrypted GRUB bootloader partition] [Rest of hard drive
entirely encrypted] }
... which i would consider to be as insecure, as unencrypted root at all.
maybe check out https://wiki.osdev.org, they have nice articles on this.
IMHO a secure boot ch
cipher-hea...@riseup.net writes:
>
> On Linux you can do the following:
>
> Hard drive:
> { [1MB unencrypted GRUB bootloader partition] [Rest of hard drive entirely
> encrypted] }
>
> Then the only parts of the (x64) computer that are unencrypted are the BIOS
> and GRUB.
This is how it already
On Thu, Feb 13, 2020 at 10:31:30AM +, cipher-hea...@riseup.net wrote:
>
> On Linux you can do the following:
>
> Hard drive:
> { [1MB unencrypted GRUB bootloader partition] [Rest of hard drive entirely
> encrypted] }
>
> Then the only parts of the (x64) computer that are unencrypted are th
On Linux you can do the following:
Hard drive:
{ [1MB unencrypted GRUB bootloader partition] [Rest of hard drive entirely
encrypted] }
Then the only parts of the (x64) computer that are unencrypted are the BIOS and
GRUB.
You can then move the GRUB offline if you wish, execute it externally.
4, 2019 at 02:02:39AM +, Chris Humphries wrote:
> > Hello,
> >
> > I have full disk encryption active on my machine. I would like to
> > follow -current, and the FAQ[1] said to grab an install image for a
> > snapshot and (U)pgrade.
> >
> > The problem
In -current you should create sd0 manually.
# cd /dev && sh MAKEDEV sd0
And then use bioctl as usual.
On Thu, Jul 04, 2019 at 02:02:39AM +, Chris Humphries wrote:
> Hello,
>
> I have full disk encryption active on my machine. I would like to
> follow -current, and the
gt;> On Thu, Jul 04, 2019 at 02:02:39AM +, Chris Humphries wrote:
>> Hello,
>>
>> I have full disk encryption active on my machine. I would like to
>> follow -current, and the FAQ[1] said to grab an install image for a
>> snapshot and (U)pgrade.
>>
>
;
> I have full disk encryption active on my machine. I would like to
> follow -current, and the FAQ[1] said to grab an install image for a
> snapshot and (U)pgrade.
>
> The problem is, I'm not sure how to manually get my FDE disk live via
> shell from the installer.
>
>
Hello,
I have full disk encryption active on my machine. I would like to
follow -current, and the FAQ[1] said to grab an install image for a
snapshot and (U)pgrade.
The problem is, I'm not sure how to manually get my FDE disk live via
shell from the installer.
I tried doing disklabel on l
I'm interesting in how to set up hardcoded Key or Passphrase (no
keyboard input or USB key is needed) during OpenBSD boot.
I have a device without keyboard and/or USB stick connectivity
available. It would be great to have full disk encryption, but without
any key inputs on startup.
> From meun...@ccs.neu.edu Mon Aug 21 15:08:32 2017
> Date: Sat, 19 Aug 2017 15:42:27 -0400
> From: Philippe Meunier
> To: Ted Unangst
> Subject: Re: Full disk encryption questions
>
> >> - is there a way to get the computer to boot again, short of wiping the
> >
> From meun...@ccs.neu.edu Mon Aug 21 15:08:32 2017
> Date: Sat, 19 Aug 2017 15:42:27 -0400
> From: Philippe Meunier
> To: Ted Unangst
> Subject: Re: Full disk encryption questions
>
> Ted Unangst wrote:
> >Philippe Meunier wrote:
> >> - is the panic intende
Ted Unangst wrote:
>Philippe Meunier wrote:
>> - is the panic intended (well, known to the developers and considered
>> normal; I hesitate to call it a feature) or is it an oversight?
>
>no, nothing bioctl does should kill init like that.
Well, it does, and it's reproducible.
>> - I would have th
Philippe Meunier wrote:
> - is the panic intended (well, known to the developers and considered
> normal; I hesitate to call it a feature) or is it an oversight?
no, nothing bioctl does should kill init like that.
> - I would have thought that, once the softraid volume has been created, its
> met
Hello,
I've been testing full disk encryption using the softraid crypto
discipline on an old Thinkpad T61, using OpenBSD amd64 6.1-release (dmesg
below). I just followed the FAQ: creating a wd0a RAID partition, then an
encrypted sd1 using bioctl (sd0 was the USB thumb drive I booted from),
Hi,
I followed the FAQ for encrypting external disks, but unfortunately it's
failing.
I'm trying to encrypt a 32Tb raid 6 drive on a lsi 9265-8i with 8 x 6Tb
drives and it's failing with an "unknown error".
I was able to encrypt the 256Gb system disk without error during
installation.
I
> I'm taking the plunge now.
You're done with the swings.
On 11/16/16 11:52, Ax0n wrote:
> I'm taking the plunge now. Mostly, I was concerned about SSD longevity and
> if TRIM would be a problem due to the different way data is going to be
> accessed. It was the cheapest drive I could find locally anyway, and I keep
> good backups (dump to a much larger e
Wed, 16 Nov 2016 19:10:08 +0100 ludovic coues
> Trim and ssd longevity and what not may have been an issue when ssd where a
> novelty.
> These day, it should last just as long as an hard drive. So make backups if
> what matters and don't worry about your disk.
Hi Ludovic,
You have to face it, th
Trim and ssd longevity and what not may have been an issue when ssd where a
novelty.
These day, it should last just as long as an hard drive. So make backups if
what matters and don't worry about your disk.
On 16 Nov 2016 5:54 p.m., "Ax0n" wrote:
> I'm taking the plunge now. Mostly, I was concer
I'm taking the plunge now. Mostly, I was concerned about SSD longevity and
if TRIM would be a problem due to the different way data is going to be
accessed. It was the cheapest drive I could find locally anyway, and I keep
good backups (dump to a much larger external drive that's also using
softrai
Am 11/16/16 um 17:07 schrieb Ax0n:
> I'm less concerned about swap, and more concerned about how a fully
> encrypted softraid Solid State Disk is going to act. I can't find a lot
> about FDE on SSD.
>
It acts as a normal harddisk would, just faster :). I had one in my
worklaptop i used before for
I'm less concerned about swap, and more concerned about how a fully
encrypted softraid Solid State Disk is going to act. I can't find a lot
about FDE on SSD.
On Wed, Nov 16, 2016 at 9:41 AM, trondd wrote:
> On Wed, November 16, 2016 10:23 am, Jiri B wrote:
> > On Wed, Nov 16, 2016 at 09:14:51AM
On Wed, Nov 16, 2016 at 10:23:39AM -0500, Jiri B wrote:
> On Wed, Nov 16, 2016 at 09:14:51AM -0600, Ax0n wrote:
> > I just purchased a SanDisk SSD for my daily-driver laptop which has been
> > running -CURRENT well. I'm considering going with FDE and a fresh snapshot
> > install, adding my packages
On Wed, November 16, 2016 10:23 am, Jiri B wrote:
> On Wed, Nov 16, 2016 at 09:14:51AM -0600, Ax0n wrote:
>> I just purchased a SanDisk SSD for my daily-driver laptop which has been
>> running -CURRENT well. I'm considering going with FDE and a fresh
>> snapshot
>> install, adding my packages then
On Wed, Nov 16, 2016 at 09:14:51AM -0600, Ax0n wrote:
> I just purchased a SanDisk SSD for my daily-driver laptop which has been
> running -CURRENT well. I'm considering going with FDE and a fresh snapshot
> install, adding my packages then copying over what I need from my old
> spinning rust drive
I just purchased a SanDisk SSD for my daily-driver laptop which has been
running -CURRENT well. I'm considering going with FDE and a fresh snapshot
install, adding my packages then copying over what I need from my old
spinning rust drive, mostly /home and the ssh host keys from /etc/ssh.
Anything
open to further advise on this matter.
Thanks again.
-Original Message-
From: "Dekker"
Sent: â10/â18/â2016 11:18 AM
To: "Tito Mari Francis Escaño"
Cc: "misc@openbsd.org"
Subject: Re: Full disk encryption by auto install
This has been discussed previ
This has been discussed previously... And recently.
Search the mailing lists and you will find your answers.
â£â
On Oct 17, 2016, 23:12, at 23:12, "Tito Mari Francis Escaño"
wrote:
>Hello everyone,
>Is full disk encryption via auto install script feasible? Has anyone
&g
Hello everyone,
Is full disk encryption via auto install script feasible? Has anyone
tried this before? Maybe somebody can share pointers on what to watch
out for if it's already been done.
I was wondering how the full disk encryption password can be secured
during auto install. Maybe somebod
Ted Roby wrote:
> Do any of you find that when dealing with sd1 and greater in bsd.rd
> you must explicitly create these devices?
That step was not needed with the upgrade procedure I described in that
"drunken mathematician" e-mail. I have a working laptop to show for.
Best,
Predrag
On 2016-04-18, Erling Westenvik wrote:
> On Mon, Apr 18, 2016 at 12:36:34PM -0700, Ted Roby wrote:
>> Do any of you find that when dealing with sd1 and greater in bsd.rd you
>> must explicitly create these devices?
>
> Yes. This behaviour is mentioned in FAQ 14 (14.10.1 - Installing to a
> mirror)
KEDEV sd1
>
>
>
> On Sun, Apr 17, 2016 at 2:04 PM, Sean Howard wrote:
>
> > J o l
> >
> > Sent from my Phone.
> > Original Message
> > From: Predrag Punosevap
> >
> > Sent: Sunday, April 17, 2016 09:11
> > To: erling.w
oward wrote:
> J o âl
>
> Sent from my Phone.
> Original Message
> From: Predrag Punosevap
> â
> Sent: Sunday, April 17, 2016 09:11
> To: erling.westen...@gmail.com
> Cc: misc@openbsd.org
> Subject: Re: Upgrade to 5.m. J9 full disk encryption
>
> Erling Westen
 J o âl
Sent from my Phone.
 Original Message Â
From: Predrag Punosevap
â
Sent: Sunday, April 17, 2016 09:11
To: erling.westen...@gmail.com
Cc: misc@openbsd.org
Subject: Re: Upgrade to 5.m. J9 full disk encryption
Erling Westenvik wrote:
Tn. Iâ
> On Sat, Apr 16, 2016 at 11:02:3
Erling Westenvik wrote:
> On Sat, Apr 16, 2016 at 11:02:36PM -0400, Predrag Punosevac wrote:
> > Bryan Everly wrote:
> > >
> > > Boot the installer. Exit to the shell. Then do:
> > >
> > > bioctl -c C -l /dev/sd0a softraid0
> > >
> >
> > Unless I did something really stupid I would swear that
On Sat, Apr 16, 2016 at 11:02:36PM -0400, Predrag Punosevac wrote:
> Bryan Everly wrote:
> >
> > Boot the installer. Exit to the shell. Then do:
> >
> > bioctl -c C -l /dev/sd0a softraid0
> >
>
> Unless I did something really stupid I would swear that I upgraded fully
> encrypted laptop running
Bryan Everly wrote:
>
> Boot the installer. Exit to the shell. Then do:
>
> bioctl -c C -l /dev/sd0a softraid0
>
Unless I did something really stupid I would swear that I upgraded fully
encrypted laptop running 5.8 to 5.9 easier.
I downloaded bsd.rd for 5.9 and put into /. Then I rebooted the
Niels wrote:
As Bryan stated, bioctl will prompt for the (existing) passphrase and then
bring up the (existing) crypto volume.
I took the manual to mean that, but asked to confirm.
Bryan's answer was correct, we're all upgraded to 5.9, thanks all.
--
Jack J. Woehr # Science is more than a
As Bryan stated, bioctl will prompt for the (existing) passphrase and then
bring up the (existing) crypto volume.
Once mounted, it will be a standard upgrade installation.
To clarify, bioctl should in this case NOT overwrite the existing encrypted
data.
As a beginner, I found bioctl’s -c and -d o
Happy to help! :)
Thanks,
Bryan
> On Apr 15, 2016, at 6:35 PM, Jack J. Woehr wrote:
>
> Bryan Everly wrote:
>> Boot the installer. Exit to the shell. Then do:
>>
>> bioctl -c C -l /dev/sd0a softraid0
>>
>> (Substitute for your actual device that is the softraid container).
>> You will be promot
On 15 April 2016 23:04:45 BST, Bryan Everly wrote:
>Boot the installer. Exit to the shell. Then do:
>
>bioctl -c C -l /dev/sd0a softraid0
>
>(Substitute for your actual device that is the softraid container).
>You will be promoted for your password.
>
>Watch for the console message telling you wha
Bryan Everly wrote:
Boot the installer. Exit to the shell. Then do:
bioctl -c C -l /dev/sd0a softraid0
(Substitute for your actual device that is the softraid container).
You will be promoted for your password.
Watch for the console message telling you what it mounted as. Then
type exit to ret
Boot the installer. Exit to the shell. Then do:
bioctl -c C -l /dev/sd0a softraid0
(Substitute for your actual device that is the softraid container).
You will be promoted for your password.
Watch for the console message telling you what it mounted as. Then
type exit to return to the installer a
How does one upgrade a full-disk encrypted OpenBSD boot disk?
--
Jack J. Woehr # Science is more than a body of knowledge. It's a way of
www.well.com/~jax # thinking, a way of skeptically interrogating the universe
www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sag
On Sat, 9 Apr 2016 20:18:11 -0400
Matt Schwartz wrote:
> I really like the bioctl full disk encryption feature. I would love
> to see it extended to support multiple users/passkeys. I once worked
> with a commercial full disk encryption product that allowed this ...
You could sto
On Sun, 10 Apr 2016, Matt Schwartz wrote:
> I really like the bioctl full disk encryption feature. I would love to see
> it extended to support multiple users/passkeys. I once worked with a
> commercial full disk encryption product that allowed this and could even be
> managed ov
really like the bioctl full disk encryption feature. I would love to
see
> > it extended to support multiple users/passkeys. I once worked with a
> > commercial full disk encryption product that allowed this and could
even be
> > managed over a network. Coming up with a solution to manage
I really like the bioctl full disk encryption feature. I would love to see
it extended to support multiple users/passkeys. I once worked with a
commercial full disk encryption product that allowed this and could even be
managed over a network. Coming up with a solution to manage encryption keys
On March 8, 2016 12:41:09 AM GMT+01:00, Jiri B wrote:
>On Tue, Mar 08, 2016 at 12:32:16AM +0100, arrowscr...@mail.com wrote:
>> I'm using softraid_crypto for full disk encryption for about one year
>> now. I used this on a low end Core2Duo and noticed absolutely *no*
>&g
On 2016-03-07, arrowscr...@mail.com wrote:
> I'm using softraid_crypto for full disk encryption for about one year
> now. I used this on a low end Core2Duo and noticed absolutely *no*
> performance hit. I also use this on a newer platform and, again, no
> performance problems. It
On Tue, Mar 08, 2016 at 12:32:16AM +0100, arrowscr...@mail.com wrote:
> I'm using softraid_crypto for full disk encryption for about one year
> now. I used this on a low end Core2Duo and noticed absolutely *no*
> performance hit. I also use this on a newer platform and, again, no
I'm using softraid_crypto for full disk encryption for about one year
now. I used this on a low end Core2Duo and noticed absolutely *no*
performance hit. I also use this on a newer platform and, again, no
performance problems. It's stable too, no issues on booting.
I know some high
On 2015-01-12 09:45, Jan Stary wrote:
Am Sonntag, den 11.01.2015, 20:45 + schrieb
etie...@magickarpet.org:
> Is there a way to have a different keymap in boot? Not that it's really
> necessary to type "boot bsd.rd", but it would be much more efficient
> when typing a passphrase to decrypt a
On 2015-01-12 15:49, Theo de Raadt wrote:
The underlying problem here is that the boot loader doesn't support
key=
maps.
And even if we hacked something together, it would be a significant
undertaking, since all the architectures are so different.
Thanks. That's what I thought, but I was hop
1 - 100 of 197 matches
Mail list logo