On Wed, 6 May 2020 at 22:55, Eric S. Hvozda <[email protected]> wrote: > > I’m coloring way outside the lines, so it’s not readily apparent to me this > is a bug, a structural behavior problem or something I am (or am not) doing. > > please bear with me. > > The goal is to build a software RAID system that protects all file systems on > > 2Tbyte disks. > > I have done this in the past with RAIDframe RAID1, FFS v2 and disk label on > MBR without issue. > > However, while embracing GPT, I seem to have come across an interesting > behavior. > > It is know what installing boot blocks on the devices to supporting a raid > set with GPT is useless (i.e. does not work due to lack of support) > > So, let’s take a page from the past: > > Create a smallish file system, that contains the boot blocks and the kernel, > mark the root raid set as “soft” root and be happy. > > In general this means something like: > > newfs -O2 /dev/rdk0 > fsck -f /de/rdk0 > mount /dev/dk0 /mnt > cd /usr/mdec > cp -p boot /mnt > cd / > cp -p boot.cfg netbsd* /mnt > Installboot -v /dev/rdk0 /usr/mdec/bootxx_ffsv2 > gpt biosboot -A -i 1 wd0 > > As long as I am using the GENERIC kernel, this works. > > However, I am greedy; I would like to use kernel space address randomization > (i.e. GENERIC_KASLR) > > If I deploy this kernel into dk0, and attempt to boot from it, boot will try > all the basic kernel paths stating “no such file or directory” and then just > loop forever doing this. > > A key press, does interrupt the loop, and if I use “ls” from boot, I can see > all the kernels. > > I can even boot manually by choosing the GENERIC kernel by name. > > However, no matter what I try, I cannot get GENERIC_KASLR to boot with this > configuration. > > If I manually try to boot it via: > > boot kaslr
You don't boot KASLR this way. You put menu=Boot KASLR:rndseed /var/db/entropy-file;pkboot netbsd_kaslr in your boot.cfg and copy /usr/mdec/prekern to / . (I copy the KASLR kernel to /netbsd_kaslr). > > I get: > > boot hd0a:kaslr: Invalid argument > > Then I saw PR #48702 filed in 2014. > > I never considered that it could be important for a kernel to have access to > the entropy file at boot time. > > So I created the proper /var/db/entropy-file with rndctl( 8 ) on /dev/dk0; > still no luck. > > So I come to a stand still with several questions: > > * if my boot device and root device are not the same, can I not use > GENERIC_KASLR? > * it looks fairly important to have / and /var on the same filesystem now, > security-wise, how bad do things get without starting entropy? > (i.e. the balance of security vs operationally preventing / from filling up) > * what is the problem with the GENERIC_KASLR kernel and this configuration? > * If it is lack of an entropy-file, why is it still unhappy after being > supplied one? > * Surely we can have a better error message than “Invalid argument” :D > > Discussion, comments…? -- ----
