Re: filesystem encryption?
From: Seth Arnold <sarnold@willamette.edu>
Subject: Re: filesystem encryption?
Date: Sun, 5 Nov 2000 22:24:00 -0800
Message-ID: <20001105222400.K1017@willamette.edu>
> * sen_ml@eccosys.com <sen_ml@eccosys.com> [001105 22:18]:
> > i'd like to know as well -- i've looked into using vnconfig, but as
> > far as i can tell that works only w/ files, and not whole filesystems.
> > it'd be nice to have something that's not a port.
>
> Though, I believe the loopback device could be used to mount a file as a
> filesystem, created through vnconfig. Though the one day I tried I got a
> kernel panic. I wrote it off to not knowing the differences between raw
> devices and their block equivalents, and I didn't pursue. :)
sorry, i guess what i wrote was unclear. what i meant by "works only
w/ files, and not whole filesystems" is that you can't (afaict) take
an existing filesystem and use vnconfig w/ it to turn it into an
encrypted filesystem -- unless you take the contents of the filesystem
and place them into a single file beforehand.
looking through the mailing list archives gave me the impression that
other people were able to get vnconfig working w/ encryption.
i've been thinking about how one might go about putting together a
system (target system type is laptop) which has the following sorts of
properties:
- almost all the content of secondary storage is encrypted when
  the power is off (want this to be the case for hibernation
  if possible too).
- when the system is starting up (or returning from hibernation),
  some kind of key/passphrase/etc is asked for. this is used to decrypt
  some (or whatever remains) of secondary storage.
one naive approach (that may not work well for hibernation) seems to
be to build a minimal system which does something like the following:
- as one of the last steps in the boot process use vnconfig
  to decrypt and union mount files (which represent filesystems)
  on top of the existing system. so "superimposing" another system
  on top of the minimal one.
i'm not terribly excited about this approach though.
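The "superimpose" step sketched in the message above, written out as a script (an added example, not code from the thread). It assumes OpenBSD's svnd vnode disks with vnconfig -k prompting for the Blowfish key, an image file that already contains an ffs filesystem, and a DRY_RUN mode that records the privileged commands instead of running them; device and mount point names are placeholders.

```sh
#!/bin/sh
# Added example (not from the original thread): mount an encrypted image file
# on top of a minimal system via a vnode disk, then tear it down again.
# Assumed: OpenBSD svnd devices, vnconfig -k, and mount -o union.
# DRY_RUN=1 appends each command to PLAN instead of executing it.
DRY_RUN=${DRY_RUN:-0}
PLAN=""

run() {
    if [ "$DRY_RUN" = 1 ]; then
        PLAN="${PLAN}$*;"
    else
        "$@"
    fi
}

# superimpose DEV IMAGE MOUNTPOINT
# Attach IMAGE to vnode disk DEV (prompts for the passphrase), check the
# filesystem, then union-mount it so its files shadow the directory beneath.
# Any failure after attaching detaches the device so the key is dropped.
superimpose() {
    dev=$1; img=$2; mnt=$3
    [ -f "$img" ] || { echo "no image: $img" >&2; return 1; }
    [ -d "$mnt" ] || { echo "no mount point: $mnt" >&2; return 1; }
    run vnconfig -c -k "$dev" "$img" || return 1
    run fsck -p "/dev/r${dev}c" || { run vnconfig -u "$dev"; return 1; }
    run mount -o union "/dev/${dev}c" "$mnt" || { run vnconfig -u "$dev"; return 1; }
}

# teardown DEV MOUNTPOINT: reverse order, unmount before detaching the device.
teardown() {
    run umount "$2" && run vnconfig -u "$1"
}
```

Run it with DRY_RUN=1 first to read the planned command sequence before doing it for real as root.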