On 9/23/07, Roland Smith <[EMAIL PROTECTED]> wrote:
> On Sun, Sep 23, 2007 at 05:59:01PM +0100, Gabriel Dragffy wrote:
> > This sounds good. How exactly did you manage to encrypt discs and then
> > install freebsd there? I can just about set up software raid once freebsd is
> > installed, but by then I am unable to use a hard drive because it already
> > has freebsd on it.
>
> There is no point in encrypting the whole hard disk. The OS and ports can
> be downloaded from the internet. No point in keeping them secret. They
> might in fact facilitate a known-plaintext attack.

I agree, I did it more as an exercise to learn more about the way
FreeBSD works. On my laptop I have only the /home partition encrypted.

To answer the original question, however, I always install FreeBSD via
a stage install. By that I mean that I don't actually use sysinstall
for the final system. I get a USB drive and install the base OS onto
that. Then I download the source for whichever FreeBSD version I want;
my laptop is running CURRENT, for example. Configure make.conf and
src.conf files, create a custom kernel, then make buildworld
buildkernel in /usr/src.

While the system is building I prepare the actual drive, or RAID
array, that the final OS will be installed to. Create your software
RAID volumes and partition (slice) everything; if I want to use geli for
encryption, then I would overwrite the target partition with random
data before doing geli init. For my full-disk encryption I actually
overwrote the entire disk and skipped slicing altogether. The kernel
was later installed to a USB flash drive and the entire disk was used
for FreeBSD. So instead of specifying things like ad0s1a in fstab, I
simply used ad0a - no slices. The point is that unless someone
actually knew that I had FreeBSD installed there, without the flash
drive all the data on the disk looks like garbage. There isn't even an
MBR to indicate partition types. At any rate, it was a fun experiment.

So once the drives are configured, mount everything under /mnt and
wait for the source to finish building. After that, you can do `make
DESTDIR=/mnt installworld` and just like that, your new system is
ready. Well, not quite... Run `mergemaster -iD /mnt` to copy all
configuration files, installkernel with KODIR=/mnt/boot/kernel to
install the kernel, use fdisk or boot0cfg to install MBR code, and
finally 'bsdlabel -B ...' for the other boot stages.

Installing the system this way also allows you to configure some
things before that first boot. Technically, you can do the same thing
from single-user mode, but this way may be more convenient. When
you're ready, reboot and change the boot order in BIOS; if you configured
everything correctly, your new system should boot up with no problems.

- Max
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
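
A check for the property discussed in the message above (no MBR, contents that look like noise), as an added example that is not part of the original post: it inspects a raw disk image for an MBR signature and partition type bytes, and for the "GEOM::ELI" magic that geli writes at the start of its metadata in the provider's last sector. The function names and the sample images are constructed for illustration, and the geli sample assumes geli was initialised on the whole provider.

```python
import math
from collections import Counter

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a sector holding an MBR
GELI_MAGIC = b"GEOM::ELI"     # start of geli's metadata in the provider's last sector


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram; 8.0 means a uniform histogram."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def mbr_partition_types(sector0: bytes) -> list:
    """Non-zero type bytes of the four MBR entries, [] without a signature."""
    if len(sector0) < SECTOR or sector0[510:512] != MBR_SIGNATURE:
        return []
    # Entries start at offset 446, 16 bytes each; the type byte is at offset 4.
    types = [sector0[446 + 16 * i + 4] for i in range(4)]
    return [t for t in types if t]


def inspect_image(image: bytes) -> dict:
    """Report what a raw image reveals without any key material."""
    first, last = image[:SECTOR], image[-SECTOR:]
    return {
        "mbr_signature": first[510:512] == MBR_SIGNATURE,
        "partition_types": mbr_partition_types(first),
        "geli_metadata": last.startswith(GELI_MAGIC),
        "entropy": round(entropy_bits_per_byte(image), 2),
    }


# Constructed samples (not real disk contents). NOISE stands in for ciphertext:
# every byte value occurs equally often, so its histogram entropy is exactly 8.0.
NOISE = bytes(range(256)) * 2 * 7                         # seven sectors
SLICELESS_GELI = NOISE + GELI_MAGIC.ljust(SECTOR, b"\0")  # whole-disk geli, no MBR

mbr = bytearray(SECTOR)
mbr[446 + 4] = 0xA5              # partition type 0xA5 = FreeBSD slice
mbr[510:512] = MBR_SIGNATURE
SLICED_DISK = bytes(mbr) + NOISE

if __name__ == "__main__":
    for name, img in (("sliceless geli", SLICELESS_GELI), ("sliced", SLICED_DISK)):
        print(name, inspect_image(img))
```

A byte-histogram entropy near 8.0 only shows the data is not obviously structured; it does not distinguish ciphertext from a disk overwritten with random data.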
