Subject: Re: enabling cgd by default
To: Alistair Crooks <agc@pkgsrc.org>
From: David Brownlee <abs@NetBSD.org>
List: tech-kern
Date: 08/07/2007 18:06:34
On Tue, 7 Aug 2007, Alistair Crooks wrote:
> On Tue, Aug 07, 2007 at 12:26:44PM +0200, Alan Barrett wrote:
>> None of our GENERIC* or INSTALL* kernels include support for cgd (the
>> encrypted disk driver). What is the reason for this (e.g. legal
>> concerns, kernel size concerns, software quality concerns, nobody has
>> got around to enabling it yet)? I have been using cgd for several years
>> with no problems, and the absence of cgd is the biggest reason why I am
>> unable to use a GENERIC_LAPTOP kernel.
>>
>> I would like to add "pseudo-device cgd 4" to all those GENERIC-like
>> and INSTALL-like kernel configurations that don't have tight size
>> constraints. I propose to use the presence of "pseudo-device raid" as
>> an indicator for the absence of tight size constraints.
>
> In the past, it's been because we don't ship crypto by default,
> just in case it makes it to one of the proscribed countries I
> suppose.
>
> I have other reasons for requiring custom kernels, but I would
> like to see cgd in there by default. I'd also think that raidframe
> in GENERIC_LAPTOP is probably overkill, but I'd also echo Greg's
> remarks - raidframe is actually quite a lean beast, and I do not
> know what I'd do without it. Just not on my lappy.
External USB/firewire disks? :)
But consider this support for cgd in all non space constrained
kernels, and raidframe in as many, (or almost as many if
we must :)
--
David/absolute -- www.NetBSD.org: No hype required --