Nick Guenther wrote:
quoted text > On 10/7/07, Timo Myyrd <zmyrgel@nerdshack.com> wrote:
>
>> Nick Guenther wrote:
>>
>>> On 10/6/07, Timo Myyrd <zmyrgel@nerdshack.com> wrote:
>>>
>>>
>>>> I have read the mount_vnd manual page and it describes the mount options
>>>> of the image that are needed to succesfully mount the partition on boot
>>>> but didn't reveal if there's a method to encrypt whole partition. I know
>>>> it will give me small performance hit to encrypt whole partition but it
>>>> should be OK. I had all of my HD except the /boot partition encrypted
>>>> with Linux and I didn't notice any difference in casual use.
>>>>
>>>> Currently waiting for the urandom to fill the image...
>>>>
>>>> Timo
>>>>
>>>>
>>> Hm? I don't understand what you don't understand.
>>> There's no such thing as a half-encrypted svnd (=partition). If you
>>> can mount an encrypted svnd then you have a totally encrypted drive.
>>> If you put it in fstab even better, but you need to somehow get it to
>>> ask you for a password (-k) or give it a saltfile (-K) from somewhere
>>> when it does that (and you better not store that password on the same
>>> laptop).
>>>
>>> -Nick
>>>
>>>
>>>
>>>
>> I mean that can I encrypt my /dev/sd0g directly instead of creating
>> image in it and encrypting and mounting that image as /home.
>> I tried to read about the svnd and it only seems to work on files.
>>
>
> Yes, exactly ;)
> This is Unix, where everything is a file (or tries to be):
> vnconfig /dev/sd0g svnd0
>
> On a tangential note, it's useful to understand what you can do with
> ccd(4) if you are creative about it.
>
> -Nick
>
>
>
I tested above and following:
mount_vnd -K 20000 -S /root/image.slt svnd0 /dev/sd0g
both prompted for encryption key but then give following message:
vnconfig: VNDIOCSET: Inappropriate ioctl for device
Timo
