Date:      Wed, 01 Oct 2014 16:58:27 -0500
From:      Karl Denninger <karl@denninger.net>
To:        freebsd-stable@freebsd.org
Subject:   Re: Encrypted (GELI) root on ZFS troubles
Message-ID:  <542C7903.3010906@denninger.net>
In-Reply-To: <542C7794.8040502@FreeBSD.org>
References:  <542C71C9.1050907@denninger.net> <542C7794.8040502@FreeBSD.org>


On 10/1/2014 4:52 PM, Andriy Gapon wrote:
> On 02/10/2014 00:27, Karl Denninger wrote:
>> So here's the fun part of what I'm trying to do (and getting frustrated
>> with)
>>
>> I have set up a GPT disk with the following setup:
>>
>> =>       34  625142381  da2  GPT  (298G)
>>          34          6       - free -  (3.0K)
>>          40       1024    1  freebsd-boot  (512K)
>>        1064    4194304    2  freebsd-zfs  [bootme]  (2.0G)
>>     4195368  134217728    3  freebsd-swap  (64G)
>>   138413096  486729312    4  freebsd-zfs  (232G)
>>   625142408          7       - free -  (3.5K)
>>
>> Then on freebsd-boot I have written the bootloaders.
>>
>> The "bootme" filesystem has *only* the /boot directory copied over from
>> the rest of the system's root directory (that is, the kernel, loadables,
>> /boot/loader.conf, etc); that pool is called "zboot"
>>
>> Partition 4 has the label "root0" on it, and thus shows up in /dev/gpt.
>> I have initialized that with geli, set the boot option flag (that is,
>> prompt on boot) and created a pool called "root" on the resulting .eli
>> device and then put the system on that.  That's all ok.
>>
>> Finally, I set the bootfs on that latter pool.  There is no bootfs set
>> on /zboot:
>>
>> # zpool get bootfs zboot
>> NAME   PROPERTY  VALUE   SOURCE
>> zboot  bootfs    -       default
>>
>> It is set on the root pool to the proper filesystem:
>>
>> # zpool get bootfs root
>> NAME  PROPERTY  VALUE              SOURCE
>> root  bootfs    root/R/10.1-CLEAN  local
>>
>> The problem is that when the system boots geli "finds" the raw device
>> (in this case /dev/da0p4), prompts for the password and attaches there
>> instead of in /dev/gpt.  The gpt label is missing --- and equally bad
>> the "root" pool does not appear to import at boot time either.
>>
>> As a result the system tries to mount root from /zboot (even though it's
>> not been told to, and HAS been told where to mount off the root pool),
> As far as *I* can see, you have not told the kernel what your root fs should be,
> so it is using a default root filesystem which is the same filesystem from where
> the kernel itself was loaded.
>
>> but there's no init in there (or anything else other than the boot
>> filesystem itself) and as a result I get an immediate panic.
>>

Various wikis on setting this up have strongly suggested that
/boot/loader.conf no longer needs to have the root filesystem declared
explicitly as it is able to locate it via looking in the pool metadata.
Is this wrong in this specific case?

(Not a huge deal if so, but it's not at all clear that's true -- and it
doesn't do anything for the issue of geli grabbing the base device
rather than the /dev/gpt one.)

-- 
Karl Denninger
karl@denninger.net
/The Market Ticker/
