Hi misc@,
This is to sum up this previous thread:
Keydisk crypto softraid boot *works PERFECTLY well in UEFI* boot mode
with OpenBSD 6.2, and so does password crypto softraid.
The issue I had actually encountered was not softraid related, but
related to how to make an USB memory stick OpenBSD-UEFI-bootable, and I
got that clarified now and posted that separately to misc@ .
At the bottom of the previous post, I wrote three questions, and I can
answer those now:
> 1) Is the UEFI boot loader for USB keydisk crypto softraid really
> stable?
>
> 2) Is the UEFI boot loader good for any crypto softraid?
To 1) and 2): Yes it's stable.
> 3) Since this one is a big question, I'll make a separate email of it:
>
> If this machine's BIOS does not support NVME SSD boot, how can I
> create an OpenBSD USB boot disk that would boot OpenBSD from the
> NVME SSD-stored crypto softraid for me?
>
> This could be done either by
>
> * The OpenBSD kernel being stored on the USB stick, loading from
> it, and then using the NVME SSD as both root disk, swap disk,
> and dump disk, or,
This was discussed with Stuart in a separate misc@ thread this month,
and he says it can be done but requires custom kernel compiletime
defines.
> * The OpenBSD boot loader would load the OpenBSD kernel from the
> NVME SSD.
I just described this in the other thread.
Tinker
2018-02-01 17:42 GMT+08:00 :
>
> Hi,
>
> This is experiences from an upgrade from 6.0 to 6.2.
>
> I know MBR USB keydisk boot worked on 6.0. This is an attempt to
> upgrade to 6.2 with UEFI.
>
> A potential error source I have is that that I'm also switching boot
> medium from SATA to NVME. NVME as boot medium does not affect the
> OpenBSD installer, so within the scope of the OpenBSD installer, the
> switch to NVME is without impact, however yet the installer does
> complain, see below.
>
> The issue is that I don't get the machine to boot with a keydisk crypto
> softraid boot partition.
>
> Reproduction steps:
>
> * Write install62.fs to a USB memory stick
>
> * Set the machine to UEFI boot mode (machine has no safe boot setting)
>
> * Boot machine from USB memory stick.
>
> OpenBSD kernel boots and the disks are sd0 = NVME SSD, sd1 = boot
> USB stick, sd2 = keydisk USB stick
>
> * Go to the shell by using the (S) option.
>
> * Reset sd0 and sd1 by:
>
> dd if=/dev/random of=/dev/sd0c bs=1M count=100
> dd if=/dev/random of=/dev/sd2c bs=1M count=100
> fdisk -igy -b 960 sd0
> fdisk -igy sd2
>
> * To ensure that any previous BSD disklabel is properly forgotten by
> OpenBSD, reboot, and get back in the S option.
>
> * Set up BSD disklabels:
>
> disklabel -E sd0
> a a (to add an "a" partition)
> (enter for the default offset)
> (enter to occupy all disk)
> RAID (to make a softraid)
> w
> q
>
> disklabel -E sd2
> a a (to add an "a" partition)
> 1024 (to start 512KB into disk)
> 1024 (to create an 512KB-sized partition)
> RAID (to create a softraid)
> w
> q
>
> * Set up USB keydisk softraid:
>
> bioctl -C force -c C -l /dev/sd0a -k /dev/sd2a softraid0
>
> And its output is:
>
> sd3 at scsibus3 targ 1 lun 0: SCSI2 0/direct fixed
> sd3: XXXXXXMB, 512 bytes/sector, XXXXXXXXXX sectors
>
> And so sd3 is the softraid.
>
> * Proceed with OpenBSD installer via "/install".
>
> The interaction at the disk-related install steps is done as follows:
>
> Available disks are: sd0 sd1 sd2 sd3
> Which disk is the root disk? ('?' for details) [sd0] sd3
> No valid MBR or GPT.
> Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [gpt]
> Setting OpenBSD GPT partition to whole sd3...done
> The allocated layout for sd3 is:
> # (SNIP)
> Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] c
> > a a (to add an "a" partition in the softraid)
> offset: [1024] (enter to use default offset)
> size: [XXXXXXXXXXX] (enter to fill all disk)
> FS type: (enter to make it a 4.2BSD filesystem)
> mount point: [none] / (to make it root partition)
> Rounding size to bsize (128 sectors): XXXXXXXXXX
> > w
> > q
>
> * Following through the installer to completion.
>
> Unfortunately at completion the installer outputs this error
> message:
>
> Failed to install boot blocks.
> You will not be able to boot OpenBSD from sd3.
>
> This message is output by the install script when installboot
> returns failure.
>
> To fix this, I tried any of the following three:
>
> installboot -r /mnt sd0
>
> installboot sd0 /mnt/usr/mdec/biosboot /usr/mdec/boot
>
> installboot -r /mnt sd0 /mnt/usr/mdec/biosboot /usr/mdec/boot
>
> * On some attempts here, I checked that the UEFI boot partition was
> correct by:
>
> mount /dev/sd0i /mnt2
> ls /mnt2/efi/boot
>
> And indeed bootia32.efi and bootx64.efi are there.
>
> * Sync, reboot.
>
>
> Problems:
>
> * The problem at reboot is that the BIOS not acknowledges any UEFI-
> bootable disks at all. The BIOS shows this by jumping into the BIOS
> menu at boot, and not listing any bootable devices. (This BIOS only
> lists prospective bootable devices, which has a quite wide
> definition, however I think it does not list any identified disk.)
>
> Also the BIOS' "go into the UEFI shell of the harddrive" menu option
> does not work.
>
> If putting the BIOS in MBR ("legacy") mode, it lists the SSD and one
> or more (didn't check) USB memory stick, but the boot attempt leads
> to either empty screen, or I think, a boot failure message.
>
>
> * The OpenBSD installer USB memory stick is UEFI-booted. I tried to
> boot from it to try to boot the SSD from the OpenBSD boot console
> that way.
>
> I need to re-check this one but the boot loader shows something like
> "disk: hd0 hd1* hd2*", and doing any "boot hd1a:/bsd",
> "boot hd2a:/bsd", "boot hd1:/bsd", "boot hd2:/bsd".
>
> If I recall right, at one attempt instead it showed
> "disk: hd0* hd1 hd2* sr0", however doing "boot sr0a:/bsd", if I
> remember right, failed with "unknown KDF type 2" message or maybe
> totally.
>
> I would need to re-check this point more to get accurate data.
>
>
>
> I tried redoing all this in MBR mode to see if that would work out:
>
> * I'd set the BIOS to UEFI mode at OpenBSD install time, as the
> OpenBSD installer USB memory stick is UEFI
>
> * Do the partitioning the same as above but with the fdisk part as
> "fdisk -iy sd0", "fdisk -iy sd2" instead.
>
> * Do the installation the same as above but instead of GPT (the
> preselected "gpt" option), specify MBR (by "M").
>
> * At installer completion, the same error message is shown as above, i.e.:
>
> Failed to install boot blocks.
> You will not be able to boot OpenBSD from sd3.
>
> * I tried to fix it with the same installboot steps as above.
>
> * At reboot, change the BIOS to boot from MBR (legacy mode).
>
> The OpenBSD boot loader fails as follows:
>
> Using drive 0, partition 3.
> Loading......
> probing: pc0 com0 com1 mem[635K 3295M 247M XXXXM a20=on]
> disk: fd0 hd0+ sr0*
> >> OpenBSD/amd64 BOOT 3.33
> unknown KDF type 2
> open(sr0a:/etc/boot.conf): Operation not permitted
> boot>
> unknown KDF type 2
> open sr0a:/bsd: Operation not permitted
> failed(1), will try /bsd
>
>
> This leads me to ask:
>
> 1) Is the UEFI boot loader for USB keydisk crypto softraid really
> stable?
>
> 2) Is the UEFI boot loader good for any crypto softraid?
>
> 3) Since this one is a big question, I'll make a separate email of it:
>
> If this machine's BIOS does not support NVME SSD boot, how can I
> create an OpenBSD USB boot disk that would boot OpenBSD from the
> NVME SSD-stored crypto softraid for me?
>
> This could be done either by
>
> * The OpenBSD kernel being stored on the USB stick, loading from
> it, and then using the NVME SSD as both root disk, swap disk,
> and dump disk, or,
>
> * The OpenBSD boot loader would load the OpenBSD kernel from the
> NVME SSD.
>
> Please let me know what you think.
>
> Thanks!
> Tinker
