|
version 1.14, 2017/02/10 11:10:53
|
version 1.15, 2018/01/14 04:12:25
|
|
Line 19 The boot partition on disk needs to cont
|
Line 19 The boot partition on disk needs to cont
|
| * a GENERIC kernel |
* a GENERIC kernel |
| * the `cgdroot.kmod` kernel module |
* the `cgdroot.kmod` kernel module |
| * the configuration file for CGD, `cgd.conf` |
* the configuration file for CGD, `cgd.conf` |
| * the encryption key for the volume to start from, named after its partition (like `wd0f`) |
* the CGD parameters file for the volume, named after its partition (like `wd0f`), which determines how the encryption key is derived and verified |
| |
|
| Once loaded the memory disk mounts the `wd0a` partition onto `/etc/cgd`, and asks for the encryption passphrase as usual (with [[!template id=man name="cgdconfig" section="8"]]). If successful, the `cgd0a` volume configured is mounted on `/altroot`, and [[!template id=man name="init" section="8"]] is told via [[!template id=man name="sysctl" section="7"]] to chroot into this volume before actually booting. The system then starts normally. |
Once loaded the memory disk mounts the `wd0a` partition onto `/etc/cgd`, and asks for the encryption passphrase as usual (with [[!template id=man name="cgdconfig" section="8"]]). If successful, the `cgd0a` volume configured is mounted on `/altroot`, and [[!template id=man name="init" section="8"]] is told via [[!template id=man name="sysctl" section="7"]] to chroot into this volume before actually booting. The system then starts normally. |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to cgdroot.mdwn CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [NetBSD Developer Wiki] / wikisrc / security