Re: filesystem encryption?

[sen_ml_(_at_)_eccosys_(_dot_)_com]

From: Hannah Schroeter <uk1o_(_at_)_rz_(_dot_)_uni-karlsruhe_(_dot_)_de>
Subject: Re: filesystem encryption?
Date: Mon, 6 Nov 2000 08:39:41 +0100
Message-ID: <20001106083941_(_dot_)_A3963_(_at_)_rz_(_dot_)_uni-karlsruhe_(_dot_)_de>

> Hello1
> 
> On Mon, Nov 06, 2000 at 05:59:08AM +0900, sen_ml_(_at_)_eccosys_(_dot_)_com wrote:
> 
> > i'd like to know as well -- i've looked into using vnconfig, but as
> > far as i can tell that works only w/ files, and not whole filesystems.
> 
> You're nearly on track. vnconfig (or vnd(4) to be precise) acts
> as a block device towards "above" and accesses a file "below".
> 
> So you CAN
>   vnconfig -k ... svnd0 /some/file
> Then ONCE:
>   disklabel -E svnd0
>   newfs /dev/rsvnd0a
> And always:
>   mount /dev/svnd0a /some/where

hello!

right.  but if i understand how this works correctly, i cannot make a
system which has an encrypted root partition -- except perhaps by
vnconfig + union mounting over a minimal unencrypted root partition.

if i could boot from a cf or pcmcia device (not likely for most
laptops), perhaps i could carry around a minimal boot media and then
everything on my hard disk could be encrypted.

> Or you could try out the experimental tcfs support (mount_tcfs and
> other commands/man pages) that is with soon-to-be-2.8.

thanks for the pointer!

it's been a really long time since i've looked at tcfs.  i didn't know
there were bsd ports.  but i see that there are:

  http://tcfs.dia.unisa.it/BSD/download-bsd.html

i guess i'll have to get over my irrational nfs prejudices ;-)

thanks again.