Re: OpenBSD FDE: Protect with keydisk + passphrase
On 11/6/23 17:01, tetrosalame wrote: Il 05/11/2023 12:16, m...@phosphorus.com.br ha scritto: [...] Now I use FDE with a keydisk, but would like to protect the bootable system with a keydisk + passphase (something you have + something you know). Any chance doing this directly using bioctl ? I don't think so: softraid's on-disk volume key can be encrypted with a keydisk or with a passphrase. Not both of them. See this recent explanation written by Stefan Sperling: https://marc.info/?l=openbsd-misc=168500028802972=2 @https://marc.info/?l=openbsd-misc=168500028802972=2 It is not yet possible to encrypt a key disk with a passphrase, which would provide two-factor authentication. There is no technical reason which would prevent this from being implemented, it just hasn't been done. Thanks. Will take a look in the code.
Re: OpenBSD FDE: Protect with keydisk + passphrase
Il 05/11/2023 12:16, m...@phosphorus.com.br ha scritto: [...] Now I use FDE with a keydisk, but would like to protect the bootable system with a keydisk + passphase (something you have + something you know). Any chance doing this directly using bioctl ? I don't think so: softraid's on-disk volume key can be encrypted with a keydisk or with a passphrase. Not both of them. See this recent explanation written by Stefan Sperling: https://marc.info/?l=openbsd-misc=168500028802972=2 -- f
OpenBSD FDE: Protect with keydisk + passphrase
Hi misc, In the past, I used to mount a secondary drive into /mnt/, the keydisk protected by a password. Now I use FDE with a keydisk, but would like to protect the bootable system with a keydisk + passphase (something you have + something you know). Any chance doing this directly using bioctl ? -fm