From owner-freebsd-questions@FreeBSD.ORG Mon Apr 11 03:01:53 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 864811065670 for ; Mon, 11 Apr 2011 03:01:53 +0000 (UTC) (envelope-from gilmordron@yahoo.com) Received: from nm21-vm0.bullet.mail.ac4.yahoo.com (nm21-vm0.bullet.mail.ac4.yahoo.com [98.139.53.216]) by mx1.freebsd.org (Postfix) with SMTP id 9E1098FC0A for ; Mon, 11 Apr 2011 03:01:52 +0000 (UTC) Received: from [98.139.52.195] by nm21.bullet.mail.ac4.yahoo.com with NNFMP; 11 Apr 2011 03:01:51 -0000 Received: from [98.138.90.55] by tm8.bullet.mail.ac4.yahoo.com with NNFMP; 11 Apr 2011 03:01:51 -0000 Received: from [98.138.89.244] by tm8.bullet.mail.ne1.yahoo.com with NNFMP; 11 Apr 2011 03:01:51 -0000 Received: from [127.0.0.1] by omp1058.mail.ne1.yahoo.com with NNFMP; 11 Apr 2011 03:01:51 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 555830.95639.bm@omp1058.mail.ne1.yahoo.com Received: (qmail 78142 invoked by uid 60001); 11 Apr 2011 03:01:51 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1302490911; bh=gl8Pg2feR212l0zfzIfI3dAHyKjoAzd0JeYYreVDOsU=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=4Yayi3hbwJN+xA8LG0QjS7wHNx+8rnA8KUbDtcRmnMUOytvWo1Dt9J693Qi2ltO2Q1dsS/ZpTNrM0Th/r37X9N+Ca90lTfo8FupIPx3GHWz5cWpi1bGOsYEWKaHd/w3bEA326nSo/AO3XqfGXUk43/rBMK6Sw6x9UnKhWN+kKSU= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=51bwd1y1UL/4PAkATcY2zTpuVEGgS0DyU37zOM+KDfoQjFRwYIp3jJMI/njwQGvoOw7k8cYqTxGmS3hMsdb8ol0ecLrlp34qh5vcpHd9UnLOroHwbVVywBObKXcxgH9GPBRTh/hh7TR6WGG6VSiuddJdo214br42Up7EeESUt6E=; Message-ID: <70875.60670.qm@web121609.mail.ne1.yahoo.com> X-YMail-OSG: nplGWewVM1kk9dLg8R8uSViw85JVN7yx9aqeE9Nmbo46mzD mgPjqu4ygwWwZwERWgtE27Za5pfwpwkF82jONRy3cQel2cfkeqiaoUHY9Qso ZvZgQIekAN36g9KFGieXiA2OBL1rJjQ06MQ.vF3uanHPpUOSWhGhRh1k4Mqc k8T7da_6MuQ4t2.1frOYaHRWlT7ffy9WHuDUE2ykTPFlUMviI8FA0EWIUQNn b84nlJYLs.o3E4EpL8uDwxmYo9xy.qnk5Wb883u2Ub1.8fOVJl1fJ00BF0Dv xSnE5y8rKXx5X3Oq6.qpy9lfA0Ubj3H4AkzagCnICF04QNNlnxpilfYCspJP aRLGb4UGDiY_r.1mnS1NeGQ3jF6lyOUWYOP4VdwgG Received: from [68.196.8.50] by web121609.mail.ne1.yahoo.com via HTTP; Sun, 10 Apr 2011 20:01:50 PDT X-Mailer: YahooMailRC/559 YahooMailWebService/0.8.109.295617 Date: Sun, 10 Apr 2011 20:01:50 -0700 (PDT) From: Gil Mordron To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: full disk encryption with geli - where does the stuff in /boot/kernel X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Apr 2011 03:01:53 -0000 Oh, one other difference between what I've done and what the document says to do: I don't actually have a /dev/ad0. I have ad4, ad5, and ad6. Wherever the document says /dev/ad0, I've been using /dev/ad4 instead. I'm guessing that this is not important to the problem I'm facing, but I figured I should mention in just in case my guess is wrong. ________________________________ From: Gil Mordron To: freebsd-questions@freebsd.org Sent: Sun, April 10, 2011 10:34:42 PM Subject: full disk encryption with geli - where does the stuff in /boot/kernel I am attempting to set up full disk encryption with GELI, booting from an unencrypted thumb drive, using the following PDF by Marc Schiesser as a guide: http://events.ccc.de/congress/2005/fahrplan/attachments/586-paper_Complete_Hard_Disk_Encryption.pdf In section 3.5.5, "The removable medium", it says to copy everything from the fixed disk's boot directory to the thumb drive, and then zip up various things from the removable disk's boot/kernel directory (the fixed disk is mounted as /fixed and the removable as /removable): # cp -Rpv /fixed/boot /removable # cd /removable/boot/kernel # gzip kernel geom_eli.ko acpi.ko My issue is that there is nothing in /removable/boot/kernel. Obviously whatever would be there would have come from the "cp -Rpv /fixed/boot /removable" line, so I checked in /fixed/boot/kernel, and there's nothing there either. Presumably whatever would be in /fixed/boot/kernel would have been placed there in the previous step, section 3.5.4, which includes: # mount /dev/ad0.elia /fixed # export DESTDIR=/fixed/ # cd /dist/6.0-RELEASE/base && ./install.sh That did create a bunch of stuff on /fixed, including /fixed/boot and even /fixed/boot/kernel, but it did not place any files in /fixed/boot/kernel. One difference that I should mention at this point is that I'm using 8.2, not 6.0, so I actually did a "cd /dist/8.2-RELEASE/base" instead of the "cd /dist/6.0-RELEASE/base" that the document suggests. Other than that, I think I did everything the same as it suggests. Is there a step missing in the document? Or did I screw something up? In any case, can I just copy the necessary files to /removable/boot/kernel from /dist/boot/kernel instead of from /fixed/boot/kernel? Or do I have to get them in some other way? And what files are needed? Obviously kernel, geom_eli.ko, and acpi.ko, and I believe that geom_eli.ko requires both zlib.ko and crypto.ko, but do I have to get any other files, too? Thanks in advance for any help.