Date: Thu, 15 Mar 2018 23:25:30 +0100
From: Petr Hejl <petr.hejl@freedev.cz>
To: freebsd-questions@freebsd.org
Subject: Can't boot from encrypted partition
Message-ID: <1f375819-bcf9-af5c-00d1-12dd29a5e9d9@freedev.cz>

Hello, FreeBSD community.

I need help with booting from an encrypted partition.

Until now, my EFI machine booted from an unencrypted ZFS, while the rest of the system resided on an encrypted ZFS. The layout was like this:

    /dev/ada0
    |- /dev/ada0p1 (efi, 800k)
    |- /dev/ada0p2 (freebsd-zfs, 1G)
    |- /dev/ada0p3 (freebsd-zfs, geli-encrypted, 931G)

That worked OK. Since FreeBSD >= 11.0 should be able to boot an entirely encrypted system (let alone the EFI loader, of course), I'd like to get to that point (installing 11.1-RELEASE on amd64).

So I create my layout like this:

    gpart create -s gpt /dev/ada0
    gpart add -t efi -l efi -s 800k /dev/ada0
    gpart add -t freebsd-zfs -l system /dev/ada0
    dd if=/boot/boot1.efifat of=/dev/ada0p1
    geli init -g -l 256 -s 4096 /dev/ada0p2

So the only difference is that there is no separate partition for /boot and the ZFS partition is encrypted with 'geli init -g' rather than 'geli init -b'. The new layout is then:

    /dev/ada0
    |- /dev/ada0p1 (efi, 800k)
    |- /dev/ada0p2 (freebsd-zfs, geli-encrypted, 931G)

After that, I install the system as usual, in the way it's always worked.

geli manpage says:

    " ...
    -g  Enable booting from this encrypted root filesystem. The boot
        loader prompts for the passphrase and loads loader from the
        encrypted partition.
    ..."

The problem is, that it doesn't.

When the EFI loader starts, it says it can't find any UFS or ZFS partitions, thus no /boot/loader.efi and ends with:

    panic: No bootable partitions found

I have no idea what's wrong. Thank you for any advice.