On Mon, 23 Mar 2009, Todd Vierling wrote:
On Mon, Mar 23, 2009 at 4:42 AM, David Brownlee <abs%netbsd.org@localhost> wrote:A SoC project to add cgd support to the bootblocks and code to pass across to the kernel could be very worthwhile.../me perks up and peers out from his cubicley jail lined with systems unfortunately not running nbsd.... There's a reason every single one of my Windoze systems use TrueCrypt system drive level encryption. Not one sector hits the disk without going through at least an AES-Twofish cascade.
Very reasonable approach - our Windows laptops are all
setup similarly. Its very simple to switch a existing
Windows box across to truecrypt, and from the user's
perspective after that they just have a passphrase to type
before they boot.
Converting a running system to an encryped filesystem without
requiring a dump/restore is a very nice additional feature, but
I think NetBSD would really benefit from 'just' the cgd support
in the bootblocks and passing the relevant data across to the
kernel so it can get a cgd encrypted root filesystem...
Now... where could we find someone willing to at least mentor
such a project, if not take it on as a student? :)
--
David/absolute -- www.NetBSD.org: No hype required --