Where is the CRYPTO key disk function documented, such as,
* What partition is the key disk loaded from?
I guess it's "any BSD partition labelled "RAID" on any physical disk
that is reachable by the BIOS", but I don't see it written up anywhere.
* How big must the key disk be to host the keydisk metadata?
(Maybe addressed on ML before but can't find, would be great to have
an 'authoritative' place in man page which says that, or clue about
place in code)
* installboot performs a piece of smartness in that if your encrypted
softraid sd1 is mentioned in the "Which disk is your root disk? [sd0]"
question in the installer, then, installboot will resolve that sd0 is
the parent disk for the sd1 softraid, and install the boot code there
instead. (This is indeed what OpenBSD does.)
I guess installboot(8) would be a good place to write this up
(http://man.openbsd.org/installboot.8).
This clarity saves one of worry in answering that question in the
installer (which I addressed in the just posted separate ML thread at
https://marc.info/?l=openbsd-misc&m=148542122600536&w=2 ).
* If the OpenBSD boot loader is on the same disk as the key disk then
what minimum offset does the key disk need to have - i.e., how big is
the boot loader currently and in what file is it, and to what offset is
it written?
(I think it's 63 or 64, and this is normally compensated for in an
UFS filesystem as they start with reserved sectors, but a crypto keydisk
is a SOFTRAID partition and does not do that - a previous ML thread
answered this one but can't resolve it now.)
It would be great to be able to retrieve this info from some man page.
* Finally, the magic words "The boot loader will both input passwords
and resolve and load keydisks to unlock the crypto" could be added after
"boot supports booting from softraid(4) RAID 1 and CRYPTO volumes." in
http://man.openbsd.org/boot.8 .
Thanks,
Tinker
