--- wikisrc/security/cgdroot.mdwn 2017/02/10 11:10:53 1.14 +++ wikisrc/security/cgdroot.mdwn 2018/01/14 04:12:25 1.15 @@ -19,7 +19,7 @@ The boot partition on disk needs to cont * a GENERIC kernel * the `cgdroot.kmod` kernel module * the configuration file for CGD, `cgd.conf` -* the encryption key for the volume to start from, named after its partition (like `wd0f`) +* the CGD parameters file for the volume, named after its partition (like `wd0f`), which determines how the encryption key is derived and verified Once loaded the memory disk mounts the `wd0a` partition onto `/etc/cgd`, and asks for the encryption passphrase as usual (with [[!template id=man name="cgdconfig" section="8"]]). If successful, the `cgd0a` volume configured is mounted on `/altroot`, and [[!template id=man name="init" section="8"]] is told via [[!template id=man name="sysctl" section="7"]] to chroot into this volume before actually booting. The system then starts normally.
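Review bot: In the added bullet of the `@@ -19,7 +19,7 @@` hunk, the clause "which determines how the encryption key is derived and verified" follows the parenthetical about the partition name, so it can be read as describing the partition rather than the parameters file. Consider putting the description first and the naming second, for example: "the CGD parameters file for the volume, which determines how the encryption key is derived and verified; it is named after the partition (like `wd0f`)". The paragraph below already links cgdconfig(8) through the man template, and the bullet could carry the same link so readers can look up the parameters file. Since the old wording called this file "the encryption key" and the new wording says it only governs derivation and verification, it would also help to state in the bullet whether the file is sensitive when stored on the boot partition, given that the passphrase is still requested at boot.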