On 20.06.2016 13:00, bootcr...@openmailbox.org wrote:
Hello!
I have recently decided to use full disk encryption on my openbsd
boxes.
I've managed to do so and it's working, however for security reasons
I want to boot them from
another drive.
What is that security reason worth of not using default full disk
encryption?
Example:
I have computer with encrypted hard-drive(wd0). To boot it, I want to
insert a USB-flash drive(sd0)
and to boot from it in bios. I expect it run bootloader from sd0,
ask me password from my wd0 drive and then boot (wd0):/bsd.
However it's not working like that. When I'm booting from let's say
installation media,
it's simply not asking me the password,
and it seems there is no way to specificly ask bootloader to decrypt
some drive.
I've read man pages and googled things like boot, installboot,
"cross-device install" etc but unsuccessfuly.
Is it(booting CRYPT hard drive from usb) possible? If yes, what am I
doing wrong?
