On Tue, 28 Oct 2014, Patrik Lundin wrote:
> Thank you Stefan for taking a look, see comments inline:
>
> On Mon, Oct 27, 2014 at 12:32:30PM +0100, Stefan Sperling wrote:
> > On Sun, Oct 26, 2014 at 09:19:25PM +0100, Patrik Lundin wrote:
> > > # disklabel -E wd0
> > > Create the following partitions (in this order to make the biggest
> > > partition last):
> > > wd0b (swap)
> > > wd0d (RAID) - keydisk (1M)
> > > wd0a (RAID) - the remaining part of the drive that will be encrypted.
> >
> > I'd use wd0d instead of wd0a, because 'a' is usually expected
> > to contain a root partition, not a softraid volume. That has
> > nothing to do with the problem at hand though.
>
> Given that wd0d is used for the keydisk, do you mean i
> should use wd0e for the remainder of the drive instead of 'a'?
This does not matter - wd0a can be RAID. Stefan was just suggesting you avoid
using 'a' since it is normally root. There is no technical reason to change
this.
> Would this also mean I should skip creating a sd0a altogether?
>
> > > ===
> > > Using drive 0, partition 3.
> > > Loading.....
> > > ERR M
> > > ===
> >
> > This error means biosboot(8) can't find the boot(8) program.
> > When booting from softraid, the boot program is stored at a particular
> > offset in the softraid meta data area, and installboot(8) patches that
> > offset into biosboot(8) before copying biosboot(8) to the MBR.
> > Apparently, biosboot(8) has the wrong offset in your case.
>
> Hmm, interesting, thanks for the description!
>
> > Your report lacks some information:
> > - architecture (i386 / amd64 / ...)
>
> I am using amd64.
>
> > - full output of 'disklabel wd0' to show exactly how you configured
> > partitions
>
> I stuck to my original layout for consistency (this has been written
> down by hand):
>
> ===
> # disklabel wd0
> # /dev/rwd0c:
> type: ESDI
> disk: ESDI/IDE disk
> label: VBOX HARDDISK
> duid: 175d4587e45a04a5
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 255
> sectors/cylinder: 16065
> cylinders: 3916
> total sectors: 62914560
> boundstart: 64
> boundend: 62910540
> drivedata: 0
>
> 16 partitions:
> # size offset fstype [fsize bsize cpg]
> a: 58685445 4225095 RAID
> b: 4208966 64 swap
> c: 62914560 0 unused
> d: 16065 4209030 RAID
> ===
>
> So wd0a is 28GB, wd0b is 2G, and wd0d is 7.8M.
>
> > - output of running installboot with the -v option on the softraid
> > volume: installboot -v sd0
>
> Since I am not able to boot on the device i have to run installboot as
> the last step in the installer. For this i need to add -r /mnt (of
> course the following is also copied by hand):
>
> ===
> # installbook -v -r /mnt sd0
> Using /mnt as root
> installing bootstrap on /dev/rsd0c
> using first-stage /mnt/usr/mdec/biosboot, second-stage /mnt/usr/mdec/boot
> sd0: softraid volume with 2 disk(s)
> sd0: installing boot loader on softraid volume
> /mnt/usr/mdec/boot is 5 blocks x 16384 bytes
> wd0a: installing boot blocks on /dev/rwd0c, part offset 4225175
> master boot record (MBR) at sector 0
> partition 3: type 0xA6 offset 64 size 62910476
> /mnt/usr/mdec/biosboot will be written at sector 64
> wd0d: installing boot blocks on /dev/rwd0c, part offset 4209110
> master boot record (MBR) at sector 0
> partition 3: type 0xA6 offset 64 size 62910476
> /mnt/usr/mdec/biosboot will be written at sector 64
> ===
A CRYPTO key disk is slightly special in that it has softraid metadata but is
not technically part of the same volume (well, it is in some ways but it is
not in others). The problem in question occurs since installboot(8) installs
the first stage boot loader on each chunk that is a member of the volume - in
this case it installs first stage boot loader twice (once for wd0a and again
for wd0d). The second stage boot loader is installed in the softraid metadata
area for the sd0 volume, however in the case of a CRYPTO key disk its
metadata area does not end up with a copy of the boot of the second stage
loader (unlike, say a RAID 1 chunk). If the first stage boot blocks are
installed in the CRYPTO volume then the key disk, the boot loader (in the PBR
of wd0) will end up pointing at a boot storage area (of the key disk) that
does not contain the second stage boot loader. The fix is to probably avoid
installing the boot loader on the key disk.
> > > When I do this the system manages to boot without a passphrase, using
> > > the encrypted drive.
> >
> > I suspect there is a problem in installboot(8) in case the keydisk is
> > on the same disk as the crypto volume. The boot(8) program which is the
> > first program to interpret softraid meta data doesn't even get to run
> > in your case.
>
> I see, I hope the output I supplied above can give you some insight!
>
> Regards,
> Patrik Lundin
--
"Action without study is fatal. Study without action is futile."
-- Mary Ritter Beard
