> Date: Mon, 9 Aug 2010 14:01:08 +0200
> I am also very interested in these features (encrypted root, swap, raid
> 1, key on a i.e. usb stick, boot from kernel from RO media etc.)
>
> A few things work with minor configuration work, others are not
> supported yet.
>
> I am new to OpenBSD and at the moment I am totally out of free time, but
> I plan to understand and later work on such things. Maybe we could
> exchange experiences.
>
> Best Regards
>
> Andreas

I think it's impossible to create a trusted bootloader which would not be affected by physical attacks, see here:
http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html

Thus even if the bootloader were able to open the softraid crypto device, it could be tampered with.

I'm going to create a USB stick with a minimal installation on which I will carry checksums of files in '/', and I'm going to scan '/' for tampered files before "normal" boot. I do not know any better solution.

I don't know if there can be some other shit which could somehow get my passphrase for softraid (bios, mbr...)? Is it theoretically possible?

jirib