DragonFly users List (threaded) for 2012-12
Re: Full disk encryption without a boot partition
On Thu, Dec 27, 2012 at 11:00 PM, Alex Hornung <email@example.com> wrote:
> On 27/12/12 22:13, mhca12 wrote:
>> On Thu, Dec 27, 2012 at 10:08 PM, Alex Hornung <firstname.lastname@example.org> wrote:
>>> On 26/12/12 22:19, mhca12 wrote:
>>>> Are there any plans or is there already support for full
>>>> disk encryption without the need for a boot partition?
>>> No, the userland tool that sets up the decryption of the root partition,
>>> as well as the kernel and modules need to be somewhere that is not
>>> encrypted - otherwise the boot loader would need to support the disk
>> Seems like OpenBSD 5.2's bootloader can do that.
>> Any idea how they did it?
> I didn't say that it's impossible, I just stated what would be
> required. There are no plans to do any such thing in DragonFly BSD, as
> there is pretty much no point. Doing it in any other way than with the
> separate /boot partition overcomplicates everything by an order of
> magnitude (since, for example, the setup cannot occur in userland
> anymore) for no real benefit.
Sorry that I wasn't precise. I meant to say I find it hard to believe that
OpenBSD extended the bootloader to do decryption.
Your stated reasons make a lot of sense and I will try to find out
how it works in OpenBSD because I'm curious.