Re: vfs.root.mountfrom with geli
mhca12 wrote: > On Mon, Feb 4, 2013 at 6:23 PM, Fabian Keil wrote: > > mhca12 wrote: > > > >> On Mon, Feb 4, 2013 at 1:06 PM, Fabian Keil wrote: > >> > mhca12 wrote: > >> > > >> >> I followed the guide on dan.me.uk to install FreeBSD 9.1 amd64 > >> >> but I get always stuck because the kernel doesn't ask me for the > >> >> passphrase and doesn't find the /dev/gpt/enc.eli where enc is the > >> >> label I gave to the root partition. I also tried with /dev/ada0p3.eli > >> >> without success. > >> >> > >> >> Tried the following two /boot/loader.config variations: > >> >> 1: > >> >> geom_eli_load="YES" > >> >> vfs.root.mountfrom=”ufs:/dev/gpt/enc.eli” > >> >> 2: > >> >> geom_eli_load="YES" > >> >> vfs.root.mountfrom=”ufs:/dev/ada0p3.eli” > >> >> > >> >> I can geli attach /dev/gpt/enc or /dev/ada0p3 successfully from > >> >> the livecd. > >> >> > >> >> Can you advise me what I might have done wrong or what I > >> >> should try? > >> >> > >> >> https://www.dan.me.uk/blog/2012/05/05/full-disk-encryption-in-freebsd-9-x-well-almost/ > >> > > >> > This guide doesn't seem to match your configuration. > >> > It uses ada0p3.eli for swapping and additionally uses keyfiles. > >> > > >> > Without knowing your actual configuration it's impossible to > >> > give proper advice. You could check with "geli list ada0p3" if > >> > the boot flag is set, but that's obviously just a wild guess ... > >> > >> Forgot to list my simpler setup: > >> ada0p1 freebsd-boot > >> ada0p2 freebsd-ufs label boot /boot > >> ada0p3 geli freebsd-ufs label enc / > >> > >> Do I have to set the boot flag for any of them? > > > > The geli passphrase is only requested at boot time for providers that > > have the geli boot flag set (for details see geli(8)). If it isn't set > > on ada0p3 it would explain the described behaviour. > > Fabian thanks a lot. Maybe I forgot -b during geli init but a > geli configure -b /dev/ada0p3.eli fixed it. FreeBSD is so > well structured and logical in this regard and hopefully > in many others as I heard. > > In vfs.root.mountfrom only ”ufs:/dev/ada0p3.eli” works and > the /dev/gpt/enc.eli doesn't. Is it supposed to? "doesn't" isn't a particular helpful problem description. Probably geli tastes ada0p3 before gpt/enc and once ada0p3 has been attached gpt/enc is hidden and thus can't be attached anymore. gpt labels aren't intentionally designed not to work with geli, but tasting races at boot time are a known limitation and also affect other geom classes. As a workaround you could use glabel labels instead. I use them for external disks to be able to geli attach them automatically using a known name, but for internal disks whose names don't frequently change I usually don't bother. Fabian signature.asc Description: PGP signature
Re: vfs.root.mountfrom with geli
On Mon, Feb 4, 2013 at 6:23 PM, Fabian Keil wrote: > mhca12 wrote: > >> On Mon, Feb 4, 2013 at 1:06 PM, Fabian Keil wrote: >> > mhca12 wrote: >> > >> >> I followed the guide on dan.me.uk to install FreeBSD 9.1 amd64 >> >> but I get always stuck because the kernel doesn't ask me for the >> >> passphrase and doesn't find the /dev/gpt/enc.eli where enc is the >> >> label I gave to the root partition. I also tried with /dev/ada0p3.eli >> >> without success. >> >> >> >> Tried the following two /boot/loader.config variations: >> >> 1: >> >> geom_eli_load="YES" >> >> vfs.root.mountfrom=”ufs:/dev/gpt/enc.eli” >> >> 2: >> >> geom_eli_load="YES" >> >> vfs.root.mountfrom=”ufs:/dev/ada0p3.eli” >> >> >> >> I can geli attach /dev/gpt/enc or /dev/ada0p3 successfully from >> >> the livecd. >> >> >> >> Can you advise me what I might have done wrong or what I >> >> should try? >> >> >> >> https://www.dan.me.uk/blog/2012/05/05/full-disk-encryption-in-freebsd-9-x-well-almost/ >> > >> > This guide doesn't seem to match your configuration. >> > It uses ada0p3.eli for swapping and additionally uses keyfiles. >> > >> > Without knowing your actual configuration it's impossible to >> > give proper advice. You could check with "geli list ada0p3" if >> > the boot flag is set, but that's obviously just a wild guess ... >> >> Forgot to list my simpler setup: >> ada0p1 freebsd-boot >> ada0p2 freebsd-ufs label boot /boot >> ada0p3 geli freebsd-ufs label enc / >> >> Do I have to set the boot flag for any of them? > > The geli passphrase is only requested at boot time for providers that > have the geli boot flag set (for details see geli(8)). If it isn't set > on ada0p3 it would explain the described behaviour. Fabian thanks a lot. Maybe I forgot -b during geli init but a geli configure -b /dev/ada0p3.eli fixed it. FreeBSD is so well structured and logical in this regard and hopefully in many others as I heard. In vfs.root.mountfrom only ”ufs:/dev/ada0p3.eli” works and the /dev/gpt/enc.eli doesn't. Is it supposed to? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: vfs.root.mountfrom with geli
mhca12 wrote: > On Mon, Feb 4, 2013 at 1:06 PM, Fabian Keil wrote: > > mhca12 wrote: > > > >> I followed the guide on dan.me.uk to install FreeBSD 9.1 amd64 > >> but I get always stuck because the kernel doesn't ask me for the > >> passphrase and doesn't find the /dev/gpt/enc.eli where enc is the > >> label I gave to the root partition. I also tried with /dev/ada0p3.eli > >> without success. > >> > >> Tried the following two /boot/loader.config variations: > >> 1: > >> geom_eli_load="YES" > >> vfs.root.mountfrom=”ufs:/dev/gpt/enc.eli” > >> 2: > >> geom_eli_load="YES" > >> vfs.root.mountfrom=”ufs:/dev/ada0p3.eli” > >> > >> I can geli attach /dev/gpt/enc or /dev/ada0p3 successfully from > >> the livecd. > >> > >> Can you advise me what I might have done wrong or what I > >> should try? > >> > >> https://www.dan.me.uk/blog/2012/05/05/full-disk-encryption-in-freebsd-9-x-well-almost/ > > > > This guide doesn't seem to match your configuration. > > It uses ada0p3.eli for swapping and additionally uses keyfiles. > > > > Without knowing your actual configuration it's impossible to > > give proper advice. You could check with "geli list ada0p3" if > > the boot flag is set, but that's obviously just a wild guess ... > > Forgot to list my simpler setup: > ada0p1 freebsd-boot > ada0p2 freebsd-ufs label boot /boot > ada0p3 geli freebsd-ufs label enc / > > Do I have to set the boot flag for any of them? The geli passphrase is only requested at boot time for providers that have the geli boot flag set (for details see geli(8)). If it isn't set on ada0p3 it would explain the described behaviour. Fabian signature.asc Description: PGP signature
Re: vfs.root.mountfrom with geli
On Mon, Feb 4, 2013 at 1:06 PM, Fabian Keil wrote: > mhca12 wrote: > >> I followed the guide on dan.me.uk to install FreeBSD 9.1 amd64 >> but I get always stuck because the kernel doesn't ask me for the >> passphrase and doesn't find the /dev/gpt/enc.eli where enc is the >> label I gave to the root partition. I also tried with /dev/ada0p3.eli >> without success. >> >> Tried the following two /boot/loader.config variations: >> 1: >> geom_eli_load="YES" >> vfs.root.mountfrom=”ufs:/dev/gpt/enc.eli” >> 2: >> geom_eli_load="YES" >> vfs.root.mountfrom=”ufs:/dev/ada0p3.eli” >> >> I can geli attach /dev/gpt/enc or /dev/ada0p3 successfully from >> the livecd. >> >> Can you advise me what I might have done wrong or what I >> should try? >> >> https://www.dan.me.uk/blog/2012/05/05/full-disk-encryption-in-freebsd-9-x-well-almost/ > > This guide doesn't seem to match your configuration. > It uses ada0p3.eli for swapping and additionally uses keyfiles. > > Without knowing your actual configuration it's impossible to > give proper advice. You could check with "geli list ada0p3" if > the boot flag is set, but that's obviously just a wild guess ... Forgot to list my simpler setup: ada0p1 freebsd-boot ada0p2 freebsd-ufs label boot /boot ada0p3 geli freebsd-ufs label enc / Do I have to set the boot flag for any of them? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: vfs.root.mountfrom with geli
mhca12 wrote: > I followed the guide on dan.me.uk to install FreeBSD 9.1 amd64 > but I get always stuck because the kernel doesn't ask me for the > passphrase and doesn't find the /dev/gpt/enc.eli where enc is the > label I gave to the root partition. I also tried with /dev/ada0p3.eli > without success. > > Tried the following two /boot/loader.config variations: > 1: > geom_eli_load="YES" > vfs.root.mountfrom=”ufs:/dev/gpt/enc.eli” > 2: > geom_eli_load="YES" > vfs.root.mountfrom=”ufs:/dev/ada0p3.eli” > > I can geli attach /dev/gpt/enc or /dev/ada0p3 successfully from > the livecd. > > Can you advise me what I might have done wrong or what I > should try? > > https://www.dan.me.uk/blog/2012/05/05/full-disk-encryption-in-freebsd-9-x-well-almost/ This guide doesn't seem to match your configuration. It uses ada0p3.eli for swapping and additionally uses keyfiles. Without knowing your actual configuration it's impossible to give proper advice. You could check with "geli list ada0p3" if the boot flag is set, but that's obviously just a wild guess ... Fabian signature.asc Description: PGP signature
vfs.root.mountfrom with geli
Hi, I followed the guide on dan.me.uk to install FreeBSD 9.1 amd64 but I get always stuck because the kernel doesn't ask me for the passphrase and doesn't find the /dev/gpt/enc.eli where enc is the label I gave to the root partition. I also tried with /dev/ada0p3.eli without success. Tried the following two /boot/loader.config variations: 1: geom_eli_load="YES" vfs.root.mountfrom=”ufs:/dev/gpt/enc.eli” 2: geom_eli_load="YES" vfs.root.mountfrom=”ufs:/dev/ada0p3.eli” I can geli attach /dev/gpt/enc or /dev/ada0p3 successfully from the livecd. Can you advise me what I might have done wrong or what I should try? https://www.dan.me.uk/blog/2012/05/05/full-disk-encryption-in-freebsd-9-x-well-almost/ http://namor.userpage.fu-berlin.de/howto_fbsd9_encrypted_ufs.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
