On Wed, Mar 05, 2014 at 16:15, Giancarlo Razzolini wrote:
> Hi,
> 
>     I have one Linux server that has full disk encryption, and I use
> its initramfs with dropbear to be able to remote unlock the encrypted
> root partition.
> 
>     From what I read from the OpenBSD documentation, this is not
> possible now. I want some guidance for what areas of code I would need
> to modify, to accomplish the same. I know it would involve lots of
> hacking with boot(8), with the kernel itself, and perhaps more. Also, I
> want to know how hard you guys think it would be.

I'm aware of some issues in this area.

You probably need to modify boot to default to serial console. The
normal approach, taken by the installer, is to use boot.conf, but of
course that's not readable before the disk is decrypted. This is
assuming you will use serial console to provide the password instead
of regular keyboard.

If you want to provide the password over the network, I think that's
going to be way more work. pxeboot may be a place to start, but I
don't think you'll like where that leads and it won't be very secure
either.

Or get a server that supports some sort of kvm/console over IP.
