On 05/25/16 13:34, Robert Campbell wrote: > https://www.openbsd.org/faq/faq14.html#softraid > > In the FAQ > Disk Setup > Full Disk Encryption section there are these > lines after the encrypted drive has been set up: > >> As in the previous example, we'll overwrite the first megabyte of our > new pseudo-device. >> >> # dd if=/dev/zero of=/dev/rsd0c bs=1m count=1 > > Why? > > It isn't clear to me why I'd want to do this. It's clear in the referenced > "previous example" why you'd want actual random data to surround the > random-looking encrypted data to obscure its presence/boundary. >
personally, I've found it more useful to zero the component disks BEFORE creating the softraid device, as (at least in my stockpile of disks) very often the disks already been used in softraid testing and experimentation, and thus have the remains of a softraid partition hidden away on the disk. While this is good for recovery, it tends to make experimentation more challenging...and experimenting with any RAID system is a requirement for a sane install and at least early on, the error messages when bioctl found a softraid partition you didn't know about were cryptic. Zeroing the head of an encrypted disks after creation is a probably a Good Idea, because whatever was on the disk before now looks like rather random data...and random data has an unfortunately habit of looking like on-disk data structures that might prove irritating to you. Nick.