On Tue, Apr 14, 2009 at 01:51:59PM -0700, new_guy wrote:
quoted text
> I've begun using OpenBSD on portable computers/laptops. I want to guard
> against theft. I can't stand the thought of some crook pawing my laptop and
> someone looking over my personal files... pictures of my family, my taxes,
> etc... it keeps me awake at night.
> 
> I set the option to configure swap in sysctl.conf and I'd like to now
> encrypt /home (where I keep all of my personal files). I've googled, but
> nothing clear comes up. I'm using 4.5 current on an Asus eeepc 701 (the
> original one). I can reinstall and re-partition if necessary, but I'd rather
> not compile a custom kernel... any tips?
no need for custom kernel, read mount_vnd(8). you can also run this
script at boot to mount your /home after getting correct password from
user:

#!/bin/sh
# mount crypto partition

COUNTER=0
MAX_TRIES=3
SALT=/crypto/home.slt
IMG=/crypto/home.img
ROUNDS=20000
MOUNT_PNT=/home
DISK=svnd0
PART=c
MOUNT_OPTS="rw,nodev,nosuid,softdep"

if [ ! -f $IMG -o ! -f $SALT ]; then
	echo "[-] $IMG or $SALT not found"
	exit
fi

#echo

while [ $COUNTER -lt $MAX_TRIES ]
do
	sleep $(($COUNTER*2))
	echo "[+] Mounting $MOUNT_PNT"
	/sbin/vnconfig -K $ROUNDS -S $SALT $DISK $IMG
	/sbin/fsck -y /dev/$DISK$PART
	/sbin/mount -o $MOUNT_OPTS /dev/$DISK$PART $MOUNT_PNT

	if [ $? != 0 ] ; then
		/sbin/vnconfig -u $DISK
		COUNTER=$(($COUNTER+1))    
	else
		echo "[+] Success."
		exit			#normal exit point
	fi

done

echo "[-] Failure."