On Sunday, June 17, 2012 at 09:16:12PM -0600, Warren Block wrote:

> On Sat, 16 Jun 2012, Matthias Apitz wrote:
> 
> > OK, but I wanted to have most of the space of the 4 GB SSD encrypted
> > with geli(8); so I should make there some slice containing /boot
> > (unencrypted) and a second slice which later will contain my HOME and
> > encrypted; wrong?
> 
> That's correct: http://forums.freebsd.org/showthread.php?t=29652

Thanks for the pointers and the comments from you and Wojciech;
I'm attaching below what I have planned as the exact procedure now and
would be thankful in advance for any comments;

one remaining question is, how could I attach the geli(8) encrypted file
system during boot (via rc.conf) but using a passphrase which should be
asked for and typed in on boot? Is this somehow possible?

Thanks

        matthias

$Id:$

current disk layout of EeePC:

Filesystem      Size    Used   Avail Capacity  Mounted on
/dev/ada0s1a    3.7G    568M    3.1G    15%    /
/dev/ada1s1a     14G    8.7G    5.8G    60%    /usr/local

future disk layout:

/dev/ada0p1    freebsd-boot
/dev/ada0p2    freebsd-ufs /boot     256 Mbyte
/dev/ada0p3    freebsd-ufs /private  3.5 GByte (geli encrypted)

/dev/ada1p1    freebsd-boot
/dev/ada1p2    freebsd-ufs /        14.0 GByte (/ /usr /var ... all in one
                                               file system and unencrypted)

commands:

# gpart destroy -F ada0
# gpart create -s gpt ada0
# gpart add -t freebsd-boot -s 512k ada0
# gpart bootcode -b /boot/pmbr -p /boot/gptboot -i1 ada0
# gpart add -t freebsd-ufs -b 1m -s 256m ada0
# gpart add -t freebsd-ufs ada0


# gpart destroy -F ada1
# gpart create -s gpt ada1
# gpart add -t freebsd-boot -s 512k ada1
# gpart bootcode -b /boot/pmbr -p /boot/gptboot -i1 ada1
# gpart add -t freebsd-ufs -b 1m ada1

this allows as well at the beginning to boot the system from ada1
(must be done manually from BIOS); later we will copy over /boot from ada1p2
to ada0p2 (see below);


create on ada0 the future /boot and /private file systems and on ada1
the future / root file system; and mount the latter as /mnt

# newfs /dev/ada0p2
# newfs /dev/ada0p3

# newfs /dev/ada1p2
# mount /dev/ada1p2 /mnt

start the mouse daemon (only for cut&paste):

# /etc/rc.d/moused onestart

install the system (user land and kernel) from /usr/src to /mnt:

# cd /usr/src
# make installworld  DESTDIR=/mnt
# make installkernel DESTDIR=/mnt KERNCONF=GENERIC INSTALL_NODEBUG=t
# make distrib-dirs  DESTDIR=/mnt
# make distribution  DESTDIR=/mnt

create the future /etc/fstab to mount / as root fs:

# echo /dev/ada1p2 / ufs rw 1 1      > /mnt/etc/fstab

configure some basic services in future /etc/rc.conf:

# cat <<EOF > /mnt/etc/rc.conf
tmpmfs="YES"
tmpsize="128m"
wlans_ath0="wlan0"
ifconfig_wlan0="WPA DHCP"
ifconfig_bge0="DHCP"
ifconfig_em0="DHCP"
hostname=aurora.Sisis.de
sshd_enable="YES"
moused_enable="YES"
keymap="german.iso"
EOF

create at least one unpriv user to be able to SSH into the
new system later:

#  chroot /mnt /usr/sbin/adduser

unmount the new / and reboot:

# umount /mnt
# reboot

after reboot the system should now come up from ada1 and we copy over /boot to
ada0p2

# mount /dev/ada0p2 /mnt
# cp -Rp /boot /mnt
# echo 'geom_eli_load="YES"'                 > /mnt/boot/loader.conf
# echo 'vfs.root.mountfrom="ufs:ada1p2"'    >> /mnt/boot/loader.conf

# umount /mnt
# reboot

should now boot by itself from ada0 and mount the rootfs from ada1p2;

later we will use /dev/ada0p3 for the geli(8) encrypted file system and
we will mount this as /private; my $HOME should be /private/home


-- 
Matthias Apitz
e <g...@unixarea.de> - w http://www.unixarea.de/
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
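The remaining question in the mail (attaching the geli(8) provider at boot with a passphrase typed in on the console) is handled by /etc/rc.d/geli through rc.conf(5) knobs. The script below is an added example, not part of the original mail or of FreeBSD's own rc scripts; it assumes the planned layout /dev/ada0p3 -> /private and that geom_eli_load="YES" is already set in loader.conf as the mail does.

```shell
#!/bin/sh
# Added example: attach a geli provider at boot with an interactive
# passphrase prompt, using /etc/rc.d/geli (geli_devices in rc.conf).
# Assumed layout from the mail: /dev/ada0p3 mounted as /private.

# rc.conf(5) lines for /etc/rc.d/geli. With no -k or -p in the flags,
# "geli attach" asks for the passphrase on the console during boot.
# rc.d/geli maps '/' and '-' in the provider name to '_' for the per-device
# flags variable, so a GPT label like gpt/private becomes geli_gpt_private_flags.
geli_rc_conf() {
    prov=$1                                    # e.g. ada0p3 (no /dev/ prefix)
    prov_=$(printf '%s' "$prov" | tr '/-' '__')
    printf 'geli_devices="%s"\n' "$prov"
    printf 'geli_%s_flags=""\n' "$prov_"       # empty: passphrase only, no key file
}

# fstab(5) line for the decrypted device (<provider>.eli); pass number 2 so
# fsck checks it after the root file system, which rc.d/geli runs before.
geli_fstab_line() {
    printf '/dev/%s.eli\t%s\tufs\trw\t2\t2\n' "$1" "$2"
}

# One-time initialisation (FreeBSD, as root). "geli init" prompts for the
# passphrase; "geli backup" saves the metadata, keep that copy off the SSD.
geli_init_provider() {
    prov=$1
    geli init -s 4096 "/dev/$prov" || return 1
    geli backup "/dev/$prov" "/root/$prov.eli.backup" || return 1
    geli attach "/dev/$prov" || return 1
    newfs "/dev/$prov.eli"
}

# Only modify the running system when explicitly asked, as root on FreeBSD;
# otherwise just show the fragments that would be appended.
if [ "$1" = apply ] && [ "$(uname -s)" = FreeBSD ] && [ "$(id -u)" = 0 ]; then
    geli_init_provider ada0p3 && mkdir -p /private || exit 1
    geli_rc_conf ada0p3 >> /etc/rc.conf
    geli_fstab_line ada0p3 /private >> /etc/fstab
else
    geli_rc_conf ada0p3
    geli_fstab_line ada0p3 /private
fi
```

Running the script without arguments only prints the rc.conf and fstab fragments; "sh script.sh apply" performs the initialisation on the real device.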
