To: freebsd-questions@freebsd.org
From: David Christensen
Subject: Booting FreeBSD with MBR, GELI, ZFS, and changing provider names
Message-ID: <65eb848c-5c53-4f41-30ef-496c19ad4651@holgerdanske.com>
Date: Sat, 15 Feb 2020 15:12:09 -0800

On 2020-02-13 20:08, David Christensen wrote:
> I put my operating system installations on single, small 2.5" SATA
> SSD's and I put 2.5" SATA trayless disk bays in my computers. This
> both facilitates imaging and allows me to mix and match as required.
>
> For FreeBSD, I use ZFS throughout.
>
> Not all of my computers support booting from GPT, so I use MBR for
> system drives.
>
> The default FreeBSD installer wants to use the entire disk, so I
> hacked the memstick installer and/or choose the following in the
> installer:
>
> - 1 MiB alignment for everything
>
> - 14 GiB slice
>
> - 2 GiB boot partition, copies=2
>
> - 2 GiB swap partition, mirrored
>
> - 10 GiB root partition, copies=2
>
> The most obvious downside is that MBR does not support labels. So,
> the FreeBSD boot system uses device node names. This means I have to
> ensure that the system drive is always ada0 -- during install,
> whenever I move the drive to another machine, and whenever I add or
> remove drives or controllers. If the drive comes up as the wrong
> device node, I move SATA cables around.

Here is the example system:

2020-02-15 13:25:07 toor@beastie ~
# freebsd-version ; uname -a
12.1-RELEASE
FreeBSD beastie.tracy.holgerdanske.com 12.1-RELEASE FreeBSD 12.1-RELEASE r354233 GENERIC amd64

Here is the system disk:

2020-02-15 13:18:27 toor@beastie ~
# gpart show -p ada0 ada0s1
=>       63  117231345    ada0  MBR  (56G)
         63       1985          - free -  (993K)
       2048   29360128  ada0s1  freebsd  [active]  (14G)
   29362176   87869232          - free -  (42G)

=>       0  29360128   ada0s1  BSD  (14G)
         0   4194304  ada0s1a  freebsd-zfs  (2.0G)
   4194304   4194304  ada0s1b  freebsd-swap  (2.0G)
   8388608  20971520  ada0s1d  freebsd-zfs  (10G)

2020-02-15 14:02:28 toor@beastie ~
# geli status | egrep 'Name|swap|ada0'
           Name  Status  Components
    ada0s1d.eli  ACTIVE  ada0s1d
mirror/swap.eli  ACTIVE  mirror/swap

2020-02-15 14:03:11 toor@beastie ~
# zpool list | egrep 'NAME|boot|root'
NAME            SIZE  ALLOC   FREE  CKPOINT  EXPANDSZ  FRAG  CAP  DEDUP  HEALTH  ALTROOT
beastie_zroot  9.50G  1.05G  8.45G        -         -    2%  11%  1.04x  ONLINE  -
bootpool       1.88G   158M  1.72G        -         -    0%   8%  1.00x  ONLINE  -

2020-02-15 14:03:40 toor@beastie ~
# zfs list | egrep 'NAME|boot|root '
NAME            USED  AVAIL  REFER  MOUNTPOINT
beastie_zroot  1.10G  8.15G    88K  /beastie_zroot
bootpool        157M  1.60G   156M  /bootpool

Note that there are no labels on the partitions:

2020-02-15 13:19:10 toor@beastie ~
# gpart show -p -l ada0 ada0s1
=>       63  117231345    ada0  MBR  (56G)
         63       1985          - free -  (993K)
       2048   29360128  ada0s1  (null)  [active]  (14G)
   29362176   87869232          - free -  (42G)

=>       0  29360128   ada0s1  BSD  (14G)
         0   4194304  ada0s1a  (null)  (2.0G)
   4194304   4194304  ada0s1b  (null)  (2.0G)
   8388608  20971520  ada0s1d  (null)  (10G)

Here is /boot/loader.conf:

2020-02-15 14:11:12 toor@beastie ~
# cat /boot/loader.conf
aesni_load="YES"
geli_ada0s1d_keyfile0_load="YES"
geli_ada0s1d_keyfile0_name="/boot/encryption.key"
geli_ada0s1d_keyfile0_type="ada0s1d:geli_keyfile0"
geom_eli_load="YES"
geom_eli_passphrase_prompt="YES"
geom_mirror_load="YES"
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
opensolaris_load="YES"
vfs.root.mountfrom="zfs:beastie_zroot/ROOT/default"
zfs_load="YES"
zpool_cache_load="YES"
zpool_cache_name="/boot/zfs/zpool.cache"
zpool_cache_type="/boot/zfs/zpool.cache"

If the provider names change, the FreeBSD boot process will fail when it
reaches the point of decrypting the root partition -- it prompts for the
passphrase, I enter the correct passphrase, the correct passphrase is
rejected, the process repeats two more times, and then I am locked out.

I am trying to figure out how to get the above FreeBSD system disk to
boot correctly when the provider names change. This includes moving the
system image between HDD's, SSD's, and USB flash drives with dd(1) (e.g.
provider names ada* and da*).

I am curious about the following tunables in /boot/loader.conf:

kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"

loader.conf(5) mentions:

kern.geom.label.*.enable

Where are these two tunables documented, and does the following tunable
exist?

kern.geom.label.eli.enable

Also, my ZFS data disks use GPT, have GPT labels, and they work.
Looking at the /boot/loader.conf settings, above, I would expect that
GPT labels should not work (?).

(The solution on Debian GNU/Linux is to use /dev/disk/by-partuuid/* for
swap and UUID=* for root in /etc/crypttab.)

On 2020-02-14 22:50, Dewayne Geraghty wrote:
> when using "glabel status" I can see both the glabel assigned label
> and the tunefs file system label on an MBR usb drive
>
> label/ss1   N/A  da0s2d
> ufs/ss1     N/A  da0s2d
> label/keys  N/A  da0s2e
> ufs/keys    N/A  da0s2e

On 2020-02-15 06:30, RW via freebsd-questions wrote:
> You can use glabel to label the drive, or label the individual
> partitions.

On 2020-02-15 11:14, Polytropon wrote:
> Actually, there are several possible methods for labeling:
>
> 1. glabel (GEOM label)
>    example: /dev/label/usr
>
> 2. tunefs label (UFS permanent label)
>    example: /dev/ufs/usr
>
> 3. UFS-ID
>    example: /dev/ufsid/486b6fc16926168e
>
> Sources:
>
> https://www.freebsd.org/doc/handbook/geom-glabel.html
>
> http://www.wonkity.com/~wblock/docs/html/labels.html

The first URL provided by Polytropon and 'man glabel' both indicate that
glabel(8) labels are written to the last sector of a provider. Neither
states what happens when the provider contains GELI. I am hesitant to
try it and break my system.

'man tunefs' indicates that tunefs(8) is for UFS.

David
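
Added example (not part of the original message or of FreeBSD's own code): in the loader.conf quoted above, the preloaded GELI keyfile is tagged with the provider name twice, in the variable names and in the _type value, so the key is only offered to a provider called ada0s1d. This POSIX sh sketch lists the provider names that a loader.conf's keyfile entries are bound to and prints a copy retargeted to another provider. The function names and the da0s1d target are assumptions for illustration, and the sample input is constructed from the entries shown in the message.

```shell
#!/bin/sh
# Constructed sample: entries copied from the loader.conf in the message.
sample_loader_conf() {
cat <<'EOF'
aesni_load="YES"
geli_ada0s1d_keyfile0_load="YES"
geli_ada0s1d_keyfile0_name="/boot/encryption.key"
geli_ada0s1d_keyfile0_type="ada0s1d:geli_keyfile0"
geom_eli_load="YES"
vfs.root.mountfrom="zfs:beastie_zroot/ROOT/default"
EOF
}

# Read a loader.conf on stdin and list every provider name its GELI keyfile
# entries refer to: once from the variable name, once from the _type value.
# More than one line of output means the entries disagree with each other.
keyfile_providers() {
    awk -F= '/^geli_.*_keyfile[0-9]+_(load|name|type)=/ {
        var = $1
        sub(/^geli_/, "", var)
        sub(/_keyfile[0-9]+_(load|name|type)$/, "", var)
        print var
        if ($1 ~ /_type$/) {
            val = $2
            gsub(/"/, "", val)
            sub(/:geli_keyfile[0-9]+$/, "", val)
            print val
        }
    }' | sort -u
}

# Succeed only if all keyfile entries on stdin are bound to provider $1,
# e.g. the name the encrypted partition has on the machine being booted.
keyfile_bound_to() {
    [ "$(keyfile_providers)" = "$1" ]
}

# Print the config from stdin with the keyfile entries moved from provider
# $1 to provider $2 (plain alphanumeric names such as ada0s1d or da0s1d).
retarget_keyfile() {
    sed -e "s|^geli_${1}_keyfile|geli_${2}_keyfile|" \
        -e "s|^\(geli_${2}_keyfile[0-9]*_type=\"\)${1}:|\1${2}:|"
}

# Demonstration: current binding, then the entries retargeted to da0s1d.
sample_loader_conf | keyfile_providers
sample_loader_conf | retarget_keyfile ada0s1d da0s1d | grep '^geli_'
```

Run keyfile_bound_to against the provider name reported by gpart show on the target machine before rebooting; a non-zero exit means the keyfile entries name a different provider.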