On Sun, Jan 31, 2021 at 12:06:37PM +0100, Stefan Sperling wrote:
>On Sun, Jan 31, 2021 at 11:47:04AM +0100, Stefan Sperling wrote:
>> In general, crypto softraid volumes don't auto-assemble.
>
>I forgot that softraid volumes that use a key disk instead of a
>passphrase will auto-assemble. Have you already tried that?
>A disklabel slice on the USB key could act as a key disk for
>the encrypted volume on the internal disk.
Thanks, that's a very interesting idea, I will try that and let you
know.
Looking thru the manpages, I don't see any provision for adding AND / OR
logic to keys (e.g require both passphrase AND keydisk to boot, require
passphrase OR keydisk, etc) the way Linux cryptsetup provides, at least,
OR-logic across multiple keyslots.
(Having multiple keyslots on an encrypted volume has saved me a few
times!)
Is there anything like this in OpenBSD?
No comments:
Post a Comment