Date: Tue, 5 Feb 2013 11:17:20 +0100 From: Fabian Keil <freebsd-listen@fabiankeil.de> To: mhca12 <mhca12@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: vfs.root.mountfrom with geli Message-ID: <20130205111720.024ec14a@fabiankeil.de> In-Reply-To: <CAHUOman57P3-E51pOMCYM268PgdSM8XWgZ4m0JnP%2BxVjcGN4YA@mail.gmail.com> References: <CAHUOmamNgfe3k2rp0tN1toc9U9LGkmsyh6XJCGBwD_ZqBpBakw@mail.gmail.com> <20130204130635.3a66d412@fabiankeil.de> <CAHUOmami4D01OpUiFqkb8F8Cjmt=yTA_qgwHYnNdshyiE_tXDQ@mail.gmail.com> <20130204182303.59c9ac72@fabiankeil.de> <CAHUOman57P3-E51pOMCYM268PgdSM8XWgZ4m0JnP%2BxVjcGN4YA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/koj5fZ3XIJq_Mq8czgdN9KF Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable mhca12 <mhca12@gmail.com> wrote: > On Mon, Feb 4, 2013 at 6:23 PM, Fabian Keil wrote: > > mhca12 <mhca12@gmail.com> wrote: > > > >> On Mon, Feb 4, 2013 at 1:06 PM, Fabian Keil wrote: > >> > mhca12 <mhca12@gmail.com> wrote: > >> > > >> >> I followed the guide on dan.me.uk to install FreeBSD 9.1 amd64 > >> >> but I get always stuck because the kernel doesn't ask me for the > >> >> passphrase and doesn't find the /dev/gpt/enc.eli where enc is the > >> >> label I gave to the root partition. I also tried with /dev/ada0p3.e= li > >> >> without success. > >> >> > >> >> Tried the following two /boot/loader.config variations: > >> >> 1: > >> >> geom_eli_load=3D"YES" > >> >> vfs.root.mountfrom=3D=E2=80=9Dufs:/dev/gpt/enc.eli=E2=80=9D > >> >> 2: > >> >> geom_eli_load=3D"YES" > >> >> vfs.root.mountfrom=3D=E2=80=9Dufs:/dev/ada0p3.eli=E2=80=9D > >> >> > >> >> I can geli attach /dev/gpt/enc or /dev/ada0p3 successfully from > >> >> the livecd. > >> >> > >> >> Can you advise me what I might have done wrong or what I > >> >> should try? > >> >> > >> >> https://www.dan.me.uk/blog/2012/05/05/full-disk-encryption-in-freeb= sd-9-x-well-almost/ > >> > > >> > This guide doesn't seem to match your configuration. > >> > It uses ada0p3.eli for swapping and additionally uses keyfiles. > >> > > >> > Without knowing your actual configuration it's impossible to > >> > give proper advice. You could check with "geli list ada0p3" if > >> > the boot flag is set, but that's obviously just a wild guess ... > >> > >> Forgot to list my simpler setup: > >> ada0p1 freebsd-boot > >> ada0p2 freebsd-ufs label boot /boot > >> ada0p3 geli freebsd-ufs label enc / > >> > >> Do I have to set the boot flag for any of them? > > > > The geli passphrase is only requested at boot time for providers that > > have the geli boot flag set (for details see geli(8)). If it isn't set > > on ada0p3 it would explain the described behaviour. >=20 > Fabian thanks a lot. Maybe I forgot -b during geli init but a > geli configure -b /dev/ada0p3.eli fixed it. FreeBSD is so > well structured and logical in this regard and hopefully > in many others as I heard. >=20 > In vfs.root.mountfrom only =E2=80=9Dufs:/dev/ada0p3.eli=E2=80=9D works and > the /dev/gpt/enc.eli doesn't. Is it supposed to? "doesn't" isn't a particular helpful problem description. Probably geli tastes ada0p3 before gpt/enc and once ada0p3 has been attached gpt/enc is hidden and thus can't be attached anymore. gpt labels aren't intentionally designed not to work with geli, but tasting races at boot time are a known limitation and also affect other geom classes. As a workaround you could use glabel labels instead. I use them for external disks to be able to geli attach them automatically using a known name, but for internal disks whose names don't frequently change I usually don't bother. Fabian --Sig_/koj5fZ3XIJq_Mq8czgdN9KF Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlEQ3DgACgkQBYqIVf93VJ0vzwCgpAx54xTq6ielQP9MGTj0EMGV 4f8AoJ7dC/2nmSYIC0OPKSheKgvCZ+Zl =YypM -----END PGP SIGNATURE----- --Sig_/koj5fZ3XIJq_Mq8czgdN9KF--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130205111720.024ec14a>