Subject: Re: booting.... Re: How to "hide" the system?
To: None <netbsd-users@netbsd.org>
From: Christian Baer <christian.baer@uni-dortmund.de>
List: netbsd-users
Date: 10/28/2007 14:28:58

On Thu, 25 Oct 2007 12:50:15 -0400 George Georgalis wrote:

>>Put the kernel (or all of /) on a CD (or some other bootable media). Then
>>encrypt everything else on the "hidden" machine. Although it sounds pretty
>>complex, it's actually a pretty straight-forward procedure.
>
> Hey this is a pretty cool idea.

I thought so too. :-)

> Can you point to some doc, on making a bootable cd with only a
> /netbsd file on it? eg, how do you specify a kernel on cdrom and
> /etc/fstab on wd0a? and/or make a cdrom/kernel to use hd0 as root
> fs after booting cd0:netbsd?

At the moment, no, I can't tell you much, but it wouldn't help you all that
much, as far as I can tell. CGD does not support booting at startup (as
GELI does), so encrypting / isn't an option for you. Making your
installation "invisible" would boil down to having / on an external device
and "only" encrypting /usr and /var. Most of the data on a drive will
actually be in those two directories, but having / on a CD can be a pain
if you want to change any of the settings and if you have / on some other
device (some type of flash module for example), you won't be able to
remove that after booting.

Regards,
Chris