for those of you who don't like making filesystems on vnds inside files, i have something resembling good news for you: you can use vnd to encrypt your disk - or large parts thereof. this is a really good way to nuke an otherwise useful disk. it's no one's fault but your own if you kill your computer because you tried this without understanding what's going on (and maybe testing with vmware first).

short version:

    vnconfig -k
    [do stuff to svnd]

long version:

1) make sure you have some space on your drive for this. here's what my disklabel looks like; for today's demo i'll use wd0f:

desdemona:ttyp7# dmesg | grep wd0
wd0 at pciide0 channel 0 drive 0:
wd0: 16-sector PIO, LBA, 19077MB, 16383 cyl, 16 head, 63 sec, 39070080 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5

desdemona:ttyp7# fdisk wd0
Disk: wd0       geometry: 2432/255/63 [39070080 Sectors]
Offset: 0       Signature: 0xAA55
         Starting       Ending       LBA Info:
 #: id    C   H  S -    C   H  S [       start:      size   ]
------------------------------------------------------------------------
 0: 00    0   0  0 -    0   0  0 [           0:           0 ] unused
 1: 00    0   0  0 -    0   0  0 [           0:           0 ] unused
 2: 00    0   0  0 -    0   0  0 [           0:           0 ] unused
*3: A6    0   1  1 - 2431 254 63 [          63:    39070017 ] OpenBSD

desdemona:ttyp7# disklabel wd0
16 partitions:
#        size   offset    fstype  [fsize bsize   cpg]
  a:   524160  1048320    4.2BSD   4096 32768    16 # (Cyl. 1040 - 1559)
  b:  1048257       63      swap                    # (Cyl.    0*- 1039)
  c: 39070080        0    unused      0     0       # (Cyl.    0 - 38759)
  d:   524160  1572480    4.2BSD   2048 16384    16 # (Cyl. 1560 - 2079)
  e:  2097648  2096640    4.2BSD   4096 32768    16 # (Cyl. 2080 - 4160)
  f:  2097648  4194288    4.2BSD   4096 32768    16 # (Cyl. 4161 - 6241)
  g: 32778144  6291936    4.2BSD   4096 32768    16 # (Cyl. 6242 - 38759)

2) configure your vnode properly

desdemona:ttyp7# sudo vnconfig -k svnd1 /dev/wd0f
Encryption key: foo

3) disklabel your new encrypted "disk"

desdemona:ttyp7# sudo disklabel -E svnd1
disklabel: Can't get bios geometry: Device not configured
Initial label editor (enter '?' for help at any prompt)
> p
device: /dev/rsvnd1c
type: SCSI
disk: vnd device
label: fictitious
bytes/sector: 512
sectors/track: 100
tracks/cylinder: 1
sectors/cylinder: 100
cylinders: 0
total sectors: 536870911
free sectors: 536870911
rpm: 3600

16 partitions:
#         size   offset    fstype  [fsize bsize   cpg]
  c: 536870911        0    unused      0     0       # (Cyl.    0 - 5368709*)
> e
Changing device parameters for /dev/rsvnd1c:
disk type: [SCSI]
label name: [fictitious]
sectors/track: [100] 1024
tracks/cylinder: [1] 16
sectors/cylinder: [100] 16384
number of cylinders: [0]
total sectors: [536870911] 2097648
rpm: [3600]
interleave: [1]
> p
device: /dev/rsvnd1c
type: SCSI
disk: vnd device
label: fictitious
bytes/sector: 512
sectors/track: 1024
tracks/cylinder: 16
sectors/cylinder: 16384
cylinders: 0
total sectors: 2097648
free sectors: 2097648
rpm: 3600

16 partitions:
#         size   offset    fstype  [fsize bsize   cpg]
  c: 536870911        0    unused      0     0       # (Cyl.    0 - 32767*)
> m c
FS type: [unused]
offset: [0]
size: [536870911] 2097648
> a a
offset: [0]
size: [2097648]
FS type: [4.2BSD]
> p
device: /dev/rsvnd1c
type: SCSI
disk: vnd device
label: fictitious
bytes/sector: 512
sectors/track: 1024
tracks/cylinder: 16
sectors/cylinder: 16384
cylinders: 0
total sectors: 2097648
free sectors: 0
rpm: 3600

16 partitions:
#        size   offset    fstype  [fsize bsize   cpg]
  a:  2097648        0    4.2BSD   1024  8192    16 # (Cyl.    0 - 128*)
  c:  2097648        0    unused      0     0       # (Cyl.    0 - 128*)
> w
> q
No label changes.

4) format your shiny new disk

desdemona:ttyp7# sudo newfs svnd1a
Warning: inode blocks/cyl group (124) >= data blocks (31) in last cylinder group. This implies 496 sector(s) cannot be allocated.
/dev/rsvnd1a:   2097152 sectors in 512 cylinders of 4 tracks, 1024 sectors
        1024.0MB in 32 cyl groups (16 c/g, 32.00MB/g, 7680 i/g)
super-block backups (for fsck -b #) at:
 32, 66592, 133152, 199712, 262176, 328736, 395296, 461856, 524320, 590880,
 657440, 724000, 786464, 853024, 919584, 986144, 1048608, 1115168, 1181728,
 1248288, 1310752, 1377312, 1443872, 1510432, 1572896, 1639456, 1706016,
 1772576, 1835040, 1901600, 1968160, 2034720,

5) mount it

desdemona:ttyp7# sudo mount /dev/svnd1a /scratch
desdemona:ttyp7# df -h /scratch
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/svnd1a    993M    1.0K    944M     0%    /scratch

there you have it. make sure you use the s(ynchronous) devices. just for laughs, fill up your filesystem with a file full of zeros, delete it, and copy in something like the source tree. after you unmount and unconfigure the vnode, you can do 'dd if=/dev/wd0f | strings' and not see anything meaningful.

caveats:

this seems a little bit ... "unstable". i would not yet recommend trying this stunt on a non-sacrificial machine. i've made my machine lock up twice this way, probably because i had mounted the filesystem async, was zeroing it, and dd|strings-ing it all at the same time. probably a case of "doctor, it hurts when i shoot myself in the foot!"

the disklabel does not seem to persist across vnode {,un}configure. it's probably something i did wrong.

be vewwy vewwy quiet... heh heh errrr... very very careful. i hope you noticed that i specified the start and end and number of sectors in my encrypted disk. if you don't do that correctly you could very well scribble junk all over your disk.

CK

--
Chris Kuethe, GCIA CISSP: Secure Systems Specialist - U of A CNS
office: 157 General Services Bldg.  +1.780.492.8135
chris.kuethe@[pyxis.cns.]ualberta.ca
GDB has a 'break' feature; why doesn't it have 'fix' too?
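As an added example (not code from the original post), a small sh script for the "specify the number of sectors correctly" caveat: it pulls the backing partition's size out of a disklabel listing, refuses a "total sectors" value for disklabel -E that would overrun the partition, and prints the vnconfig/newfs/mount plan as a dry run instead of touching any device. The disklabel lines are constructed from the post's wd0 label; the wd0f/svnd1 names and the /scratch mount point are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: plan the svnd geometry from
# the backing partition's disklabel entry and refuse totals that overrun it.
# Nothing here touches a device; the plan is printed for review only.

# Constructed sample: partition lines in disklabel(8) format (from the post).
SAMPLE_LABEL='  a:   524160  1048320    4.2BSD   4096 32768    16 # (Cyl. 1040 - 1559)
  b:  1048257       63      swap                    # (Cyl.    0*- 1039)
  c: 39070080        0    unused      0     0       # (Cyl.    0 - 38759)
  f:  2097648  4194288    4.2BSD   4096 32768    16 # (Cyl. 4161 - 6241)'

# partition_sectors LABEL LETTER -> size of partition LETTER in sectors
# (empty output if the partition is not in the label)
partition_sectors() {
    printf '%s\n' "$1" | awk -v p="$2:" '$1 == p { print $2 }'
}

# sectors_to_mib SECTORS -> whole MiB, assuming 512-byte sectors
sectors_to_mib() {
    echo $(( $1 / 2048 ))
}

# fits_in_partition TOTAL SIZE -> success if 0 < TOTAL <= SIZE
fits_in_partition() {
    [ "$1" -gt 0 ] && [ "$1" -le "$2" ]
}

# plan_svnd LABEL LETTER DISK VND TOTAL -> prints the disklabel -E answers
# and the commands, or fails (status 1) if TOTAL would overrun the partition
plan_svnd() {
    size=$(partition_sectors "$1" "$2")
    [ -n "$size" ] || { echo "no partition $2 in label" >&2; return 1; }
    fits_in_partition "$5" "$size" || {
        echo "total sectors $5 > ${3}$2 size $size: refusing" >&2; return 1; }
    cat <<EOF
# ${3}$2: $size sectors ($(sectors_to_mib "$size") MiB) -> $4
sudo vnconfig -k $4 /dev/${3}$2
# disklabel -E $4: sectors/track 1024, tracks/cylinder 16,
#   sectors/cylinder 16384, total sectors $5; then 'm c' size $5, 'a a'
sudo newfs ${4}a
sudo mount /dev/${4}a /scratch
EOF
}

plan_svnd "$SAMPLE_LABEL" f wd0 svnd1 2097648
```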