There’s a short thread running on the DragonFly users@ list about disk encryption; there’s some descriptions of encryption work there for the curious.
Isn’t disk encryption rather pointless when the most crucial part of an OS, the kernel + modules are unencrypted somewhere on the disk?
Unless you have verified exec or signed kmods or smth like that…
This depends on your thread model. If you just want to protect a powered down lost/stolen computer than it works. If $spyAgency sends a evil maid to change your bootloader into keylogger than you’re screwed.
DragonFly BSD Digest