[motd.ca]  encrypting /etc

encrypting /etc : fun with vnd devices

I've been using a /home filesystem on an encrypted vnd device on laptops for some time now. Steal the laptop, well, you just get a laptop. At least for the sorts of people likely to steal my laptop.

But there's still /etc. It's got things like network information, passwords (even though encrypted), perhaps VPN configuration. Interesting things. What if we could encrypt that?

Actually, we might like to do the whole machine. But /etc is the hard part, because it needs to be bootstrapped somehow. The rest of the machine is an extension from there.

There's no package, and it takes some effort to set up. But it works. Tar file and instructions below (tar file has instructions in it as well).

CAVEATS

This is pre-alpha stuff. I just tried it and fiddled with it until it worked, and I hope I remembered everything in the instructions, and the few tweaks I made to the cvn* scripts. No warranties at all. Any errors, let me know; but don't blame me if you hose your machine trying this.

(Oh yeah, this is on OpenBSD, of course.)