--- wikisrc/security/cgdroot.mdwn	2017/02/10 11:10:53	1.14
+++ wikisrc/security/cgdroot.mdwn	2018/01/14 04:12:25	1.15
@@ -19,7 +19,7 @@ The boot partition on disk needs to cont
 * a GENERIC kernel
 * the `cgdroot.kmod` kernel module
 * the configuration file for CGD, `cgd.conf`
-* the encryption key for the volume to start from, named after its partition (like `wd0f`)
+* the CGD parameters file for the volume, named after its partition (like `wd0f`), which determines how the encryption key is derived and verified
 
 Once loaded the memory disk mounts the `wd0a` partition onto `/etc/cgd`, and asks for the encryption passphrase as usual (with [[!template id=man name="cgdconfig" section="8"]]). If successful, the `cgd0a` volume configured is mounted on `/altroot`, and [[!template id=man name="init" section="8"]] is told via [[!template id=man name="sysctl" section="7"]] to chroot into this volume before actually booting. The system then starts normally.