Bump! Again:
How use a HDD as crypto softraid root filesystem media, but put boot
code and cryto softraid keydisk partition (and perhaps /boot file and/or
kernel) on an USB disk?
Thanks,
Tinker
On 2017-02-02 10:27, Tinker wrote:
Hi!
I would like to have my system set up as follows:
* My USB memory card contains the boot code (MBR etc.) and the
softraid crypto keydisk partition.
And maybe the kernel.
* My HDD contains the root filesystem in a crypto softraid. (And no
boot code!)
How do I make this so?
The architecture is AMD64 now but could be ARM later.
My motivation here for wanting the boot code on the USB stick, is that
I trust the USB stick more than my harddrive.
The probability that someone would alter the harddrive's boot code is
way higher than the probability that someone would alter the USB
stick's boot code.
In my OpenBSD environment,
* sd0 is my HDD (sd0a is the crypto softraid represented as sd1, and
sd0b is my swap partition),
* sd1 is the crypto softraid (which is contained in sd0a, and, it
contains partitions sd1a, sd1d, etc. with my root partition, home
partition etc.), and
* sd2 is my USB flash drive (sd2a is my crypto softraid keydisk
partition).
When I do "installboot sd2", I get the error "installboot:
cross-device install".
This seems to come from line 723 in
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/installboot/i386_installboot.c?annotate=1.29
:
721: if (sysctl(mib, 3, &dev, &size, NULL, 0) >= 0) {
722: if (fsb.st_dev / MAXPARTITIONS != dev /
MAXPARTITIONS)
723: errx(1, "cross-device install");
724: }
So.. installboot has been intentionally conditioned to not allow me to
make my USB stick bootable.
But I don't understand the context here, like, what's actually
possible, why does it fail here, and what would be "supported" ways
around it.
It must be doable somehow.
Can you please instruct me how to do this?
It seems that the boot code is looking for an UFS filesystem (bare or
inside a softraid crypto partition), which has a "/boot" file in it,
and that "/boot" file will then load the kernel.
Could I make a small softraid crypto partition on the USB stick and
put an UFS filesystem with a /boot file in it to make installboot work
out, and then somehow make it pick up the kernel from the main
harddrive?
Also, loading the kernel from the USB drive would be all fine, perhaps
even preferable, and then just so that the kernel understands that it
should use the HDD as root partition.
Please suggest how to make these two variants work.
Thanks!
Tinker
