gj...@omecha.info (Grégoire Jadi), 2021.01.30 (Sat) 11:03 (CET):
> Joe Nelson <j...@begriffs.com> writes:
>
> > Second, how do I get the OS to prompt me during startup for a
> > passphrase, and mount the encrypted drive? (It's not the primary drive
> > with the OS on it, which seems nonstandard.)
>
> Check out rc(8), in particular rc.local.
>
> I've used something like:
>
>     echo 'adding encrypted home partition'
>     bioctl -c C -l ENCRYPTED_UID.k softraid0 && \
>         fsck DECRYPTED_UID.a && \
>         mount /home
>
> Could be improved with a loop to retry in case you mistype the
> passphrase.

This is just another suggestion...

If you run xenodm(1) you can put the following in
/etc/X11/xenodm/Xsetup_0 :

    ssh-askpass "Pass for disk" | bioctl -s -c C -l \
        DUID.slice softraid0

hotplugd(8) is your friend for automatically fscking and mounting of the
softraid(4) crypt partitions.

If you do not run xenodm/X11 then Grégoire's hint would fit, but
interrupt your boot process; alternatively you can abuse ttys(5) by
changing a line like, for instance, this:

    ttyC5 "/etc/ttymenu.getty" vt220 on secure

"/etc/ttymenu.getty" could look like this:

    TERM=vt220 /etc/ttymenu < /dev/$1 > /dev/$1

"/etc/ttymenu" is a script of your liking. You have to switch to ttyC5
to enter your passphrase. rc.local(8) can take you there, via
"wsconsctl display.focus=4".

If you want your $HOME encrypted, I'd recommend two slices on $BIGDRIVE.
One smaller (in my case 5GB) for $HOME and a huge one for a subdirectory
of $HOME that holds your data (but *always* listen to Nick's
partition/slice size advice!). Purpose of this separation is quicker
access to your $HOME in case of an unclean shutdown. $HOME gets fsck'ed
quickly and you can log in. fsck on $BIGSLICE will take a while...

Marcus
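
Added example, not part of either message: the retry loop mentioned for the rc.local approach, bounded so that a mistyped or forgotten passphrase cannot hold up the boot indefinitely. The function name unlock_home, MAX_TRIES and the return codes are assumptions; ENCRYPTED_UID and DECRYPTED_UID are the placeholders from the quoted snippet.

```shell
# Added example for /etc/rc.local; not code from the thread.
# MAX_TRIES is an assumed limit; pick what suits an unattended boot.
MAX_TRIES=3

# unlock_home CRYPT_CHUNK FS_PARTITION MOUNT_POINT
# Returns 0 when mounted, 1 when every passphrase attempt failed,
# 2 when the volume attached but fsck or mount failed.
unlock_home() {
    crypt_chunk=$1
    fs_part=$2
    mount_point=$3
    try=1
    while [ "$try" -le "$MAX_TRIES" ]; do
        echo "adding encrypted partition (attempt $try of $MAX_TRIES)"
        # bioctl prompts for the passphrase and exits non-zero on a wrong one
        if bioctl -c C -l "$crypt_chunk" softraid0; then
            # Mount only a filesystem that passed fsck
            if fsck "$fs_part" && mount "$mount_point"; then
                return 0
            fi
            echo "attached, but fsck/mount of $fs_part failed" >&2
            return 2
        fi
        try=$((try + 1))
    done
    # Let the boot continue so the machine stays reachable
    echo "giving up on $crypt_chunk, $mount_point not mounted" >&2
    return 1
}

# In rc.local, with the placeholders from the quoted snippet:
#   unlock_home ENCRYPTED_UID.k DECRYPTED_UID.a /home
```

After a return code of 2 the crypto volume stays attached but unmounted, so it can be checked by hand once the system is up.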