Alexander Nasonov wrote: > m...@netbsd.org wrote: > > Why are we using a memory disk for full disk encryption? I am under the > > impression that it shouldn't be required. > > We use a memory disk because cgdconfig functionality isn't available in > the bootloader.
https://wiki.netbsd.org/projects/project/transparent-cgd/ This page describes limitations of cgdroot.kmod. In my opinion, aes-xts should be added to efi bootloader and paramsfile should be merged into boot.cfg. -- Alex