Subject: Re: booting.... Re: How to "hide" the system?
To: None <netbsd-users@netbsd.org>
From: Christian Baer <christian.baer@uni-dortmund.de>
List: netbsd-users
Date: 10/28/2007 14:28:58
On Thu, 25 Oct 2007 12:50:15 -0400 George Georgalis wrote:
>>Put the kernel (or all of /) on a CD (or some other bootable media). Then
>>encrypt everything else on the "hidden" machine. Although it sounds pretty
>>compley, it's actually a pretty straight-forward procedure.
>
> Hey this is a pretty cool idea.
I thought so too. :-)
> Can you point to some doc, on making a bootable cd with only a
> /netbsd file on it? eg, how do you specify a kernel on cdrom and
> /etc/fstab on wd0a? and/or make a cdrom/kernel to use hd0 as root
> fs after booting cd0:netbsd?
At the moment, no I can't tell you much, but it wouldn't help you all that
much, as far as I can tell. CGD does not support booting at startup (as
GELI does), so encypting / isn't an option for you. Making you
installation "invisible" would boil down to having / on an external device
and "only" encrypting /usr and /var. Most of the data on a drive will
actually be in those two directories, but having / on a CD can be a pain
if you want to change any of the settings and if you have / on some other
device (some type of flash module for example), you won't be able to
remove that after booting.
Regards,
Chris