Since I need a small partition to host Linux because of Skype and other blobby software, I cannot fully encrypt my drive using softraid. Instead, I create a partition as big as possible to host /home and encrypt that.
For reference, my partitions and their sizes are as follows (including sd0b, a swap partition of 8G):
    Filesystem     Size    Used   Avail Capacity  Mounted on
    /dev/sd0a      2.9G    1.2G    1.6G    42%    /
    /dev/sd0d      2.9G   79.3M    2.7G     3%    /tmp
    /dev/sd0f      9.8G    1.9G    7.5G    20%    /usr
    /dev/sd0l      486M    262M    200M    57%    /usr/X11R6
    /dev/sd0g     14.8G   13.2G    869M    94%    /usr/local
    /dev/sd0e      486M   92.0M    370M    20%    /var
    /dev/sd1a      325G    272G   36.3G    88%    /home
As you can see, /home has a different filesystem. In this page I explain step by step how to get any partition encrypted and mounted upon boot (I’ll be using /home for the example).
After the usual installation, first change the FS type of the partition you want to encrypt to RAID:
    # disklabel -E /dev/sd0c
    Label editor (enter '?' for help at any prompt)
    > m h
    offset:
    size:
    FS type: [4.2BSD] RAID
    > w
    > q
Overwrite it with random data. This destroys everything on sd0h, so make sure /home is backed up first:
    # umount /home/
    # dd if=/dev/random of=/dev/rsd0h bs=4m
Set your passphrase and attach the CRYPTO volume:
    # bioctl -c C -l /dev/sd0h softraid0
    New passphrase:
    Re-type passphrase:
    softraid0: CRYPTO volume attached as sd1
Note that it’s sd1; don’t get confused from now on. This is your new volume.
Zero out the first megabyte as well and create a partition “i”:
    # dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
    1+0 records in
    1+0 records out
    1048576 bytes transferred in 0.017 secs (59328731 bytes/sec)

    # fdisk -iy sd1
    Writing MBR at offset 0.

    # disklabel -E sd1
    Label editor (enter '?' for help at any prompt)
    > a a
    offset:
    size:
    FS type: [4.2BSD]
    Rounding size to bsize (64 sectors): 460728064
    > w
    > q
    No label changes.
Create the new file system:

    # newfs /dev/rsd1a
/home, or delete it, from /etc/fstab and then add these bits to
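    # Ask for the passphrase up to four times; stop at the first success
    for attempt in 1 2 3 4; do
        bioctl -c C -l df31d27ca420f865.h softraid0 && break
        sleep 1
    done
    /usr/games/fortune -o
    sleep 3
    # Check and mount the decrypted volume
    fsck /dev/rsd1a
    mount -o nodev,nosuid,softdep cd321eba8d5d7422.a /home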
The system will give up after four failed attempts. I got this last piece from Eric Radman. It is a good idea to use the uid (DUID) format instead of /dev/sd1, because device numbering can shift the next time you plug in, say, a USB drive, and the system might get confused. The line with fortune -o is to make your day more interesting.
You can retrieve the uid of the disk by running

    disklabel sd0a | grep uid

and of the encrypted partition by running

    disklabel sd1a | grep uid
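
In the boot snippet above, fsck and mount still run after four failed passphrase attempts. The variant below skips them in that case and refuses any name that is not in DUID.partition form. It is an added example, not the author's or Eric Radman's script; the function names and return codes are assumptions, and passing the DUID to fsck goes beyond the original, which uses /dev/rsd1a.

```sh
#!/bin/sh
# Added example: gate fsck/mount on a successful softraid attach.
# DUIDs are the ones shown on the page; function names are hypothetical.

# True if $1 has the form <16 hex digits>.<partition letter a-p>.
valid_duid_part() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{16}\.[a-p]$'
}

# attach_crypto CHUNK [MAX]: ask for the passphrase up to MAX times (default 4).
attach_crypto() {
    _chunk=$1 _max=${2:-4} _n=1
    while [ "$_n" -le "$_max" ]; do
        bioctl -c C -l "$_chunk" softraid0 && return 0
        _n=$((_n + 1))
        sleep 1
    done
    return 1
}

# mount_crypto CHUNK VOLUME DIR
# Returns 0 = mounted, 1 = attach failed, 2 = bad name, 3 = fsck failed.
mount_crypto() {
    for _id in "$1" "$2"; do
        valid_duid_part "$_id" || { echo "not a DUID.partition: $_id" >&2; return 2; }
    done
    attach_crypto "$1" 4 || { echo "CRYPTO volume not attached; $3 left unmounted" >&2; return 1; }
    fsck "$2" || return 3
    mount -o nodev,nosuid,softdep "$2" "$3"
}

# Call from the boot script, with the page's DUIDs:
# mount_crypto df31d27ca420f865.h cd321eba8d5d7422.a /home
```

A non-zero return leaves /home unmounted, so a failed unlock is visible at login instead of fsck or mount being pointed at whatever disk happens to be sd1.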