From owner-freebsd-questions@FreeBSD.ORG Sat Sep 23 02:39:46 2006
From: Gary Newcombe
To: freebsd-questions@freebsd.org
Cc: phatfish@gmail.com
Date: Sat, 23 Sep 2006 12:38:34 +1000
Subject: Creating a bootable CD with CD Loader
Message-Id: <20060923123834.c72119da.gary@pattersonsoftware.com>
Organization: Patterson Software
X-Mailer: Sylpheed version 2.2.7 (GTK+ 2.8.20; i386-portbld-freebsd6.1)
List-Id: User questions

On Fri, 22 Sep 2006 17:45:36 +0100 "Chris" wrote:

> Hi, I'm looking to create my own custom boot CD that will be used to
> bootstrap a fully encrypted system using GEOM ELI. All the CD needs to do is
> load a kernel to initialize the encrypted root partition on the HDD, and
> read a key file to decrypt it.
Hi Chris,

I recently did this for two laptops, one booting from USB and the other from CD, with both of them getting the key from a USB drive. If your key is on the CD, then it's no problem. A bit harder if you have to boot from CD and then mount a USB drive to read the key.

> I ripped the CD Loader image out of one of the FreeBSD 6.1 CDs, and it
> seems to work as wanted. It loads the kernel from the system I'm running at
> the moment, I just put my current /boot directory on the CD (although it
> doesn't fully boot, I guess it just needs some config changes).

How do you mean it doesn't boot fully? Creating a bootable CD is in the handbook.

# mkisofs -R -no-emul-boot -b boot/cdboot -o /tmp/bootable.iso /tmp/cdfiles

Your /tmp/cdfiles should contain a boot folder matching that on the encrypted system. You'll only need the kernel and the modules that you load, though, and gzipping them will speed up the slow boot.

You'll also need to modify your loader.conf:

geom_eli_load="YES"
kern.geom.eli.debug=0
kern.geom.eli.visible_passphrase=0
geli_ad0_keyfile0_load="YES"
geli_ad0_keyfile0_type="ad0:geli_keyfile0"
geli_ad0_keyfile0_name="/ad0.key"

You'll also need an /etc/fstab in /tmp/cdfiles with the root partition, e.g.:

/dev/ad0.elia / ufs rw 1 1

The other thing I recall is that kbdmux bug in 6.1. It shows up on some but not all, from what I can remember. If you are using a password as well as a key, and the keyboard seems to have frozen when you try to enter the password, try this in device.hints:

hint.kbdmux.0.disabled="1"

Cheers
Gary
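The steps Gary lists (stage a matching /boot, write loader.conf, /etc/fstab and device.hints, run mkisofs) collected into one script, as an added example that is not Gary's code nor the FreeBSD project's. It assumes the same layout as his reply: the encrypted disk is ad0 with the root file system on ad0.elia, the key is shipped on the disc as /ad0.key, and the staging tree is /tmp/cdfiles. The module list (geom_eli.ko plus crypto.ko and zlib.ko), the source key path, the script name mkgelicd.sh and the `build` argument guard are assumptions chosen for the example; everything is overridable through environment variables.

```shell
#!/bin/sh
# mkgelicd.sh: stage a minimal boot tree for a geli-encrypted root and build
# the ISO with the handbook mkisofs command. Added example, not from the post.
# Assumptions (not stated in the post): DISK, KEY_SRC, MODULES, STAGE defaults.
set -eu

SRC_BOOT=${SRC_BOOT:-/boot}          # /boot of the encrypted system
STAGE=${STAGE:-/tmp/cdfiles}         # tree handed to mkisofs
DISK=${DISK:-ad0}                    # provider geli attaches to
KEY_SRC=${KEY_SRC:-/root/ad0.key}    # key file on the running system (assumed path)
ISO=${ISO:-/tmp/bootable.iso}
MODULES=${MODULES:-"geom_eli.ko crypto.ko zlib.ko"}   # assumed geli dependencies on 6.x
KBDMUX_WORKAROUND=${KBDMUX_WORKAROUND:-0}             # 1 if the passphrase prompt freezes

# loader.conf: load geom_eli, hide the passphrase, and hand the key on the CD
# to the kernel as keyfile0 for $disk (same entries Gary posted, parameterised).
write_loader_conf() {  # $1 stage dir, $2 disk
    stage=$1; disk=$2
    mkdir -p "$stage/boot"
    cat > "$stage/boot/loader.conf" <<EOF
geom_eli_load="YES"
kern.geom.eli.debug=0
kern.geom.eli.visible_passphrase=0
geli_${disk}_keyfile0_load="YES"
geli_${disk}_keyfile0_type="${disk}:geli_keyfile0"
geli_${disk}_keyfile0_name="/${disk}.key"
EOF
}

# /etc/fstab on the CD: the loader reads it to pick the root device, so the
# decrypted provider (ad0.elia) is what the kernel mounts as /.
write_fstab() {  # $1 stage dir, $2 disk
    mkdir -p "$1/etc"
    printf '/dev/%s.elia\t/\tufs\trw\t1\t1\n' "$2" > "$1/etc/fstab"
}

# device.hints: copy the system's hints and, when asked, disable kbdmux so the
# keyboard does not freeze at the passphrase prompt (the 6.1 bug Gary mentions).
write_device_hints() {  # $1 stage dir, $2 source /boot, $3 1 to disable kbdmux
    mkdir -p "$1/boot"
    if [ -f "$2/device.hints" ]; then
        cp "$2/device.hints" "$1/boot/device.hints"
    else
        : > "$1/boot/device.hints"
    fi
    if [ "$3" = 1 ]; then
        echo 'hint.kbdmux.0.disabled="1"' >> "$1/boot/device.hints"
    fi
}

# Copy the loader, the kernel and only the modules geli needs, then gzip the
# kernel and modules (the loader reads .gz files) to shorten the slow CD boot.
stage_boot_files() {  # $1 stage dir, $2 source /boot
    mkdir -p "$1/boot/kernel" "$1/boot/defaults"
    cp "$2/cdboot" "$2/loader" "$2/loader.rc" "$2"/*.4th "$1/boot/"
    cp "$2/defaults/loader.conf" "$1/boot/defaults/"
    cp "$2/kernel/kernel" "$1/boot/kernel/"
    for m in $MODULES; do cp "$2/kernel/$m" "$1/boot/kernel/"; done
    gzip -9 "$1/boot/kernel/kernel" "$1"/boot/kernel/*.ko
}

# The key goes in the ISO root as /<disk>.key, matching geli_<disk>_keyfile0_name.
# Once burned, anyone holding the disc holds the key; the chmod only protects
# the staging copy on this host.
stage_key() {  # $1 stage dir, $2 key file, $3 disk
    cp "$2" "$1/$3.key"
    chmod 600 "$1/$3.key"
}

build_iso() {  # $1 stage dir, $2 output iso (handbook command, cdboot as El Torito image)
    mkisofs -R -no-emul-boot -b boot/cdboot -o "$2" "$1"
}

main() {
    mkdir -p "$STAGE"
    stage_boot_files "$STAGE" "$SRC_BOOT"
    write_loader_conf "$STAGE" "$DISK"
    write_fstab "$STAGE" "$DISK"
    write_device_hints "$STAGE" "$SRC_BOOT" "$KBDMUX_WORKAROUND"
    stage_key "$STAGE" "$KEY_SRC" "$DISK"
    build_iso "$STAGE" "$ISO"
    echo "wrote $ISO"
}

# Only build when explicitly asked (sh mkgelicd.sh build), so the functions
# can be sourced and exercised without touching /boot or running mkisofs.
case "${1:-}" in build) main ;; esac
```

Run it as root on the encrypted system with `sh mkgelicd.sh build`, optionally with `KBDMUX_WORKAROUND=1` or a different `DISK`, then burn /tmp/bootable.iso with burncd as in the handbook. Because the key file ends up in the clear on the disc, this variant is only as strong as physical control of the CD; combining it with a passphrase, as Gary's kbdmux remark implies, or reading the key from a separate USB stick is the safer arrangement.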