David Brownlee | 23 Mar 2009 14:12

Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)

On Mon, 23 Mar 2009, Todd Vierling wrote:

> On Mon, Mar 23, 2009 at 4:42 AM, David Brownlee <abs <at> netbsd.org> wrote:
>>        A SoC project to add cgd support to the bootblocks and code to
>>        pass across to the kernel could be very worthwhile...
>
> /me perks up and peers out from his cubicley jail lined with systems
> unfortunately not running nbsd....
>
> There's a reason every single one of my Windoze systems use TrueCrypt
> system drive level encryption.  Not one sector hits the disk without
> going through at least an AES-Twofish cascade.

 	Very reasonable approach - our Windows laptops are all
 	set up similarly. It's very simple to switch an existing
 	Windows box across to TrueCrypt, and from the user's
 	perspective after that they just have a passphrase to type
 	before they boot.

 	Converting a running system to an encrypted filesystem without
 	requiring a dump/restore is a very nice additional feature, but
 	I think NetBSD would really benefit from 'just' the cgd support
 	in the bootblocks and passing the relevant data across to the
 	kernel so it can get a cgd encrypted root filesystem...

 	Now... where could we find someone willing to at least mentor
 	such a project, if not take it on as a student? :)

-- 
 		David/absolute       -- www.NetBSD.org: No hype required --
