Subject: Re: feature request: root file system change
To: None <tech-kern@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 04/16/2005 19:28:30
> background: i'd like to have the whole hard drive on my laptop reside
> on cgd(4), including / file system.

Well, I can't help with cgd specifically, but I semi-recently built an
encrypted disk interface (I hadn't noticed cgd at the time, and it
isn't available for the rev in question anyway).  It specifically
supports encrypted root.  (Not encrypted boot, but I already have
machines with boot filesystems containing nothing but bootblocks and a
kernel, with root specifically configured elsewhere.)

To configure an encrypted disk (of my kind), you need to tell it
what partition backs the disk and what key to use.  If you want
encrypted root, you use a config option when building the kernel to
specify the device and you must type the key at boot.  (I see no value
in having encrypted root if the key is available unencrypted, which it
must be if it is to be set automatically.  Have I missed something?)

Perhaps similar things could be added to cgd?

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B