Subject: Re: booting.... Re: How to "hide" the system?
To: None <netbsd-users@netbsd.org>
From: George Georgalis <george@galis.org>
List: netbsd-users
Date: 10/28/2007 13:09:59
On Sun, Oct 28, 2007 at 02:28:58PM +0100, Christian Baer wrote:
>On Thu, 25 Oct 2007 12:50:15 -0400 George Georgalis wrote:
>
>>>Put the kernel (or all of /) on a CD (or some other bootable media). Then
>>>encrypt everything else on the "hidden" machine. Although it sounds pretty
>>>complex, it's actually a pretty straight-forward procedure.
>>
>> Hey this is a pretty cool idea.
>
>I thought so too. :-)
>
>> Can you point to some doc, on making a bootable cd with only a
>> /netbsd file on it? eg, how do you specify a kernel on cdrom and
>> /etc/fstab on wd0a? and/or make a cdrom/kernel to use hd0 as root
>> fs after booting cd0:netbsd?
>
>At the moment, no I can't tell you much, but it wouldn't help you all that
>much, as far as I can tell. CGD does not support booting at startup (as
>GELI does), so encrypting / isn't an option for you. Making your
>installation "invisible" would boil down to having / on an external device
>and "only" encrypting /usr and /var. Most of the data on a drive will
>actually be in those two directories, but having / on a CD can be a pain
>if you want to change any of the settings and if you have / on some other
>device (some type of flash module for example), you won't be able to
>remove that after booting.

well, _my_ interest for this is to use a cdrom to boot a kernel
where the OS is on a fibre device (lsi) that doesn't support
booting. So the bios boots the /netbsd on cdrom and proceeds to
mount the fibre /dev/sd0a as / (with the same kernel as on the
cdrom for symbols et al).

not essential but would be nice to use the raid-1 from the
disk enclosure for the OS.

// George


-- 
George Georgalis, information system scientist <IXOYE><