OpenBSD finally adds bootable disk encryption to its installer

Full disk encryption is very important in today's computing environment, but sadly some operating systems still do not provide an easy and streamlined way to set up an encrypted disk at installation time. Fortunately, in the next release of OpenBSD, they have added a bootable disk encryption option to the installer.

Incorporated starting this week is initial support for boot disk encryption. Rather than manually setting the encrypted disk configuration, this is the base OpenBSD encrypted disk that the installer sets up when necessary. Klemens Nanni, an OpenBSD developer, explains this in his commit

Initial support for bootable disk encryption

A new issue covers the most common use cases, such as
Manual setup in (S)hell or '!' No longer required before installation:

Encrypt root disk? (Disk, "No" or "?" for details) [No]?

Create a password protected CRYPTO softraid volume to use as the root disk.

The available disk is: sd0.
Encrypt root disk? (disk, 'no' or '?' for details) [no]

Usage of keydisk or different disciplines is not included.
Asked only in interactive installations; no automatic installation (8) or upgrades.
Currently only accessible on i386, amd64, sparc64 and riscv64 (arm64 WIP).

It's nice to see this simpler disk encryption setup coming to the OpenBSD installer.

Given the usual OpenBSD release cadence, the next version should be available in April to May.

The above is the detailed content of OpenBSD finally adds bootable disk encryption to its installer. For more information, please follow other related articles on the PHP Chinese website!