Re: Not sure if this is the correct place.... (laptop, dual-boot EFI)

2019-01-26 Thread Karl Denninger
Nevermind!

I set the "-g" flag on the provider and voila.  Up she comes; the
loader figured out that it had to prompt for the password and it was
immediately good.

Now THAT'S easy compared with the convoluted BS I had to do (two
partitions, fully "by-hand" install, etc) for 11 on my X220.

Off to the races I go; now I have to figure out what I have to set in
Windows group policy so Bitlocker doesn't throw up every time I boot
FreeBSD (this took a bit with my X220 since the boot manager tickled
something that Bitlocker interpreted as "someone tampered with the
system.")  Maybe this will be a nothingburger too (which would be great
if true.)

I'm going to write this one up when I've got it all solid and post it on
my blog; hopefully it will help others.

On 1/26/2019 14:26, Karl Denninger wrote:
> On 1/26/2019 14:10, Warner Losh wrote:
>>
>> On Sat, Jan 26, 2019 at 1:01 PM Karl Denninger wrote:
>>
>>> Further question  does boot1.efi (which I assume has to be placed on
>>> the EFI partition and then something like rEFInd can select it) know how
>>> to handle a geli-encrypted primary partition (e.g. for root/boot so I
>>> don't need an unencrypted /boot partition), and if so how do I tell it
>>> that's the case and to prompt for the password?
>>
>> Not really. The whole reason we ditched boot1.efi is because it is
>> quite limited in what it can do. You must use loader.efi for that.
>>
>>> (If not I know how to set up for geli-encryption using a non-encrypted
>>> /boot partition, but my understanding is that for 12 the loader was
>>> taught how to handle geli internally and thus you can now install 12 --
>>> at least for ZFS -- with encryption on root.  However, that wipes the
>>> disk if you try to select it in the installer, so that's no good -- and
>>> besides, on a laptop zfs is overkill.)
>>
>> For MBR stuff, yes. For loader.efi, yes. For boot1.efi, no: it did not
>> and will not grow that functionality.
>>
>> Warner
>>
> Ok, next dumb question -- can I put loader.efi in the EFI partition
> under EFI/FreeBSD as "bootx64.efi" there (from reading mailing list
> archives that appears to be yes -- just copy it in) and, if yes, how do
> I "tell" it that when it finds the freebsd-ufs partition on the disk it
> was started from (which, if I'm reading correctly, it will scan and look
> for) that it needs to geli attach the partition before it digs into there
> and find the rest of what it needs to boot?
>
> That SHOULD allow me to use an EFI boot manager to come up on initial
> boot, select FreeBSD and the loader.efi (named as bootx64.efi in
> EFI/FreeBSD) code will then boot the system.
>
> I've looked at the 12-RELEASE man page(s) and it's not obvious how you
> tell the loader to look for the partition and then attach it via GELI
> (prompting for the password of course) before attempting to boot it;
> obviously a "load" directive (e.g. geom_eli_load="YES") makes no sense
> as the thing you'd "load" is on the disk you'd be loading it from and
> it's encrypted... never mind that loader.conf violates the 8.3 filename
> rules for a DOS filesystem.
>
> Thanks!
>
-- 
Karl Denninger
k...@denninger.net 
/The Market Ticker/
/[S/MIME encrypted email preferred]/
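
The steps this thread converges on (loader.efi copied to EFI/FreeBSD on the ESP, a boot entry registered with efibootmgr, and the "-g" flag set on the GELI provider so the loader prompts for the passphrase), collected as an added example that is not part of any poster's message. The function names, the DRY_RUN switch, the mount point and the device names ada0p1/ada0p3 are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: stage loader.efi on the ESP, register
# it with the firmware, and flag the GELI provider for loader-time unlock.
# Device names and the mount point are caller-supplied assumptions.
# Note: loader.efi on the ESP stays unencrypted; GELI protects only the
# contents of the provider it is configured on.

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only; 0 = execute (FreeBSD, root)

# Print the command in dry-run mode; otherwise run it and report a failure.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@" || { echo "failed: $*" >&2; return 1; }
    fi
}

# Accept only a plain GEOM provider name such as ada0p1 (no paths, no spaces,
# no shell metacharacters).
valid_provider() {
    case "$1" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# geli_efi_setup <esp-provider> <geli-provider> [mountpoint]
geli_efi_setup() {
    esp="$1"; prov="$2"; mnt="${3:-/mnt}"
    valid_provider "$esp"  || { echo "bad ESP provider: $esp" >&2; return 2; }
    valid_provider "$prov" || { echo "bad GELI provider: $prov" >&2; return 2; }
    [ "$esp" != "$prov" ]  || { echo "ESP and GELI provider must differ" >&2; return 2; }

    # The ESP is a FAT (msdosfs) filesystem; the loader goes under EFI/FreeBSD.
    run mount -t msdosfs "/dev/$esp" "$mnt" &&
    run mkdir -p "$mnt/EFI/FreeBSD" &&
    run cp /boot/loader.efi "$mnt/EFI/FreeBSD/loader.efi" &&
    # Create and activate a firmware boot entry pointing at the copied loader.
    run efibootmgr -a -c -l "$mnt/EFI/FreeBSD/loader.efi" -L FreeBSD &&
    # -g marks the provider so loader.efi asks for the passphrase itself.
    run geli configure -g "$prov" &&
    run umount "$mnt"
}

# Stand-alone use: ./script.sh ada0p1 ada0p3   (prints the plan by default)
if [ "$#" -ge 2 ]; then
    geli_efi_setup "$@"
fi
```

Run it once with the default DRY_RUN=1 to review the six commands against the actual partition layout (gpart show) before executing with DRY_RUN=0.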




Re: Not sure if this is the correct place.... (laptop, dual-boot EFI)

2019-01-26 Thread Karl Denninger
On 1/26/2019 14:10, Warner Losh wrote:
>
> On Sat, Jan 26, 2019 at 1:01 PM Karl Denninger wrote:
>
>> Further question  does boot1.efi (which I assume has to be placed on
>> the EFI partition and then something like rEFInd can select it) know how
>> to handle a geli-encrypted primary partition (e.g. for root/boot so I
>> don't need an unencrypted /boot partition), and if so how do I tell it
>> that's the case and to prompt for the password?
>
> Not really. The whole reason we ditched boot1.efi is because it is
> quite limited in what it can do. You must use loader.efi for that.
>
>> (If not I know how to set up for geli-encryption using a non-encrypted
>> /boot partition, but my understanding is that for 12 the loader was
>> taught how to handle geli internally and thus you can now install 12 --
>> at least for ZFS -- with encryption on root.  However, that wipes the
>> disk if you try to select it in the installer, so that's no good -- and
>> besides, on a laptop zfs is overkill.)
>
> For MBR stuff, yes. For loader.efi, yes. For boot1.efi, no: it did not
> and will not grow that functionality.
>
> Warner
>

Ok, next dumb question -- can I put loader.efi in the EFI partition
under EFI/FreeBSD as "bootx64.efi" there (from reading mailing list
archives that appears to be yes -- just copy it in) and, if yes, how do
I "tell" it that when it finds the freebsd-ufs partition on the disk it
was started from (which, if I'm reading correctly, it will scan and look
for) that it needs to geli attach the partition before it digs into there
and find the rest of what it needs to boot?

That SHOULD allow me to use an EFI boot manager to come up on initial
boot, select FreeBSD and the loader.efi (named as bootx64.efi in
EFI/FreeBSD) code will then boot the system.

I've looked at the 12-RELEASE man page(s) and it's not obvious how you
tell the loader to look for the partition and then attach it via GELI
(prompting for the password of course) before attempting to boot it;
obviously a "load" directive (e.g. geom_eli_load="YES") makes no sense
as the thing you'd "load" is on the disk you'd be loading it from and
it's encrypted... never mind that loader.conf violates the 8.3 filename
rules for a DOS filesystem.

Thanks!

-- 
Karl Denninger
k...@denninger.net 
/The Market Ticker/
/[S/MIME encrypted email preferred]/




Re: Not sure if this is the correct place.... (laptop, dual-boot EFI)

2019-01-26 Thread Warner Losh
On Sat, Jan 26, 2019 at 1:01 PM Karl Denninger  wrote:

> Further question  does boot1.efi (which I assume has to be placed on
> the EFI partition and then something like rEFInd can select it) know how
> to handle a geli-encrypted primary partition (e.g. for root/boot so I
> don't need an unencrypted /boot partition), and if so how do I tell it
> that's the case and to prompt for the password?
>

Not really. The whole reason we ditched boot1.efi is because it is quite
limited in what it can do. You must use loader.efi for that.


> (If not I know how to set up for geli-encryption using a non-encrypted
> /boot partition, but my understanding is that for 12 the loader was
> taught how to handle geli internally and thus you can now install 12 --
> at least for ZFS -- with encryption on root.  However, that wipes the
> disk if you try to select it in the installer, so that's no good -- and
> besides, on a laptop zfs is overkill.)
>

For MBR stuff, yes. For loader.efi, yes. For boot1.efi, no: it did not and
will not grow that functionality.

Warner


> Thanks!
>
> On 1/26/2019 08:08, Kamila Součková wrote:
> > I'm just booting the installer, going to do this on my X1 Carbon (5th gen),
> > and I'm planning to use the efibootmgr entry first (which is sufficient for
> > booting), and later I might add rEFInd if I feel like it. I'll be posting
> > my steps online, I can post the link once it's out there if you're
> > interested.
> >
> > I'm very curious about HW support on the 6th gen Carbon, it'd be great to
> > hear how it goes.
> >
> > Have fun!
> >
> > Kamila
> >
> > On Sat, 26 Jan 2019, 06:54 Kyle Evans wrote:
> >
> >> On Fri, Jan 25, 2019 at 6:30 PM Jonathan Chen wrote:
> >>> On Sat, 26 Jan 2019 at 13:00, Karl Denninger wrote:
> >>> [...]
> >>>> I'd like to repartition it to be able to dual boot it much as I do with
> >>>> my X220 (I wish I could ditch Windows entirely, but that is just not
> >>>> going to happen), but I'm not sure how to accomplish that in the EFI
> >>>> world -- or if it reasonably CAN be done in the EFI world.  Fortunately
> >>>> the BIOS has an option to turn off secure boot (which I surmise from
> >>>> reading the Wiki FreeBSD doesn't yet support) but I still need a means
> >>>> to select from some reasonably-friendly way *what* to boot.
> >>> The EFI partition is just a MS-DOS partition, and most EFI aware BIOS
> >>> will (by default) load /EFI/Boot/boot64.efi when starting up. On my
> >>> Dell Inspiron 17, I created /EFI/FreeBSD and copied FreeBSD's
> >>> /boot/loader.efi to /EFI/FreeBSD/boot64.efi. My laptop's BIOS setup
> >>> allowed me to specify a boot-entry for \EFI\FreeBSD\boot64.efi. On
> >>> a cold start, I have to be quick to hit the F12 key, which then allows
> >>> me to specify whether to boot Windows or FreeBSD. I'm not sure how
> >>> Lenovo's BIOS setup works, but I'm pretty sure that it should have
> >>> something similar.
> >>>
> >> Adding a boot-entry can also be accomplished with efibootmgr. This is
> >> effectively what the installer in -CURRENT does, copying loader to
> >> \EFI\FreeBSD on the ESP and using efibootmgr to insert a "FreeBSD"
> >> entry for that loader and activating it.
> >> ___
> >> freebsd-stable@freebsd.org mailing list
> >> https://lists.freebsd.org/mailman/listinfo/freebsd-stable
> >> To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
> >>
> --
> Karl Denninger
> k...@denninger.net 
> /The Market Ticker/
> /[S/MIME encrypted email preferred]/
>


Re: Not sure if this is the correct place.... (laptop, dual-boot EFI)

2019-01-26 Thread Karl Denninger
Further question  does boot1.efi (which I assume has to be placed on
the EFI partition and then something like rEFInd can select it) know how
to handle a geli-encrypted primary partition (e.g. for root/boot so I
don't need an unencrypted /boot partition), and if so how do I tell it
that's the case and to prompt for the password?

(If not I know how to set up for geli-encryption using a non-encrypted
/boot partition, but my understanding is that for 12 the loader was
taught how to handle geli internally and thus you can now install 12 --
at least for ZFS -- with encryption on root.  However, that wipes the
disk if you try to select it in the installer, so that's no good -- and
besides, on a laptop zfs is overkill.)

Thanks!

On 1/26/2019 08:08, Kamila Součková wrote:
> I'm just booting the installer, going to do this on my X1 Carbon (5th gen),
> and I'm planning to use the efibootmgr entry first (which is sufficient for
> booting), and later I might add rEFInd if I feel like it. I'll be posting
> my steps online, I can post the link once it's out there if you're
> interested.
>
> I'm very curious about HW support on the 6th gen Carbon, it'd be great to
> hear how it goes.
>
> Have fun!
>
> Kamila
>
> On Sat, 26 Jan 2019, 06:54 Kyle Evans wrote:
>
>> On Fri, Jan 25, 2019 at 6:30 PM Jonathan Chen wrote:
>>> On Sat, 26 Jan 2019 at 13:00, Karl Denninger wrote:
>>> [...]
>>>> I'd like to repartition it to be able to dual boot it much as I do with
>>>> my X220 (I wish I could ditch Windows entirely, but that is just not
>>>> going to happen), but I'm not sure how to accomplish that in the EFI
>>>> world -- or if it reasonably CAN be done in the EFI world.  Fortunately
>>>> the BIOS has an option to turn off secure boot (which I surmise from
>>>> reading the Wiki FreeBSD doesn't yet support) but I still need a means
>>>> to select from some reasonably-friendly way *what* to boot.
>>> The EFI partition is just a MS-DOS partition, and most EFI aware BIOS
>>> will (by default) load /EFI/Boot/boot64.efi when starting up. On my
>>> Dell Inspiron 17, I created /EFI/FreeBSD and copied FreeBSD's
>>> /boot/loader.efi to /EFI/FreeBSD/boot64.efi. My laptop's BIOS setup
>>> allowed me to specify a boot-entry for \EFI\FreeBSD\boot64.efi. On
>>> a cold start, I have to be quick to hit the F12 key, which then allows
>>> me to specify whether to boot Windows or FreeBSD. I'm not sure how
>>> Lenovo's BIOS setup works, but I'm pretty sure that it should have
>>> something similar.
>>>
>> Adding a boot-entry can also be accomplished with efibootmgr. This is
>> effectively what the installer in -CURRENT does, copying loader to
>> \EFI\FreeBSD on the ESP and using efibootmgr to insert a "FreeBSD"
>> entry for that loader and activating it.
-- 
Karl Denninger
k...@denninger.net 
/The Market Ticker/
/[S/MIME encrypted email preferred]/




Re: freebsd-12 and bhyve and the azure platform

2019-01-26 Thread tech-lists

On Sat, Jan 26, 2019 at 04:39:39PM +0100, Paul Vixie wrote:

> i would expect you to use dump | restore, or zfs dump | zfs restore, to
> move a system image from one container strategy (or bare metal) to
> another (such as azure), after first booting a rescue image inside the
> destination container. you'd then fine-tune your /etc/rc.conf file to
> have whatever settings were appropriate for the new container.
>
> i know that's somewhat old school, but, that's one reason to love bhyve.


OK, thanks. I thought this might be the case. Just wanted to make sure I
wasn't trying to reinvent the wheel ;)
--
J.


Re: Not sure if this is the correct place.... (laptop, dual-boot EFI)

2019-01-26 Thread Kamila Součková
I'm just booting the installer, going to do this on my X1 Carbon (5th gen),
and I'm planning to use the efibootmgr entry first (which is sufficient for
booting), and later I might add rEFInd if I feel like it. I'll be posting
my steps online, I can post the link once it's out there if you're
interested.

I'm very curious about HW support on the 6th gen Carbon, it'd be great to
hear how it goes.

Have fun!

Kamila

On Sat, 26 Jan 2019, 06:54 Kyle Evans wrote:

> On Fri, Jan 25, 2019 at 6:30 PM Jonathan Chen  wrote:
> >
> > On Sat, 26 Jan 2019 at 13:00, Karl Denninger  wrote:
> > [...]
> > > I'd like to repartition it to be able to dual boot it much as I do with
> > > my X220 (I wish I could ditch Windows entirely, but that is just not
> > > going to happen), but I'm not sure how to accomplish that in the EFI
> > > world -- or if it reasonably CAN be done in the EFI world.  Fortunately
> > > the BIOS has an option to turn off secure boot (which I surmise from
> > > reading the Wiki FreeBSD doesn't yet support) but I still need a means
> > > to select from some reasonably-friendly way *what* to boot.
> >
> > The EFI partition is just a MS-DOS partition, and most EFI aware BIOS
> > will (by default) load /EFI/Boot/boot64.efi when starting up. On my
> > Dell Inspiron 17, I created /EFI/FreeBSD and copied FreeBSD's
> > /boot/loader.efi to /EFI/FreeBSD/boot64.efi. My laptop's BIOS setup
> > allowed me to specify a boot-entry for \EFI\FreeBSD\boot64.efi. On
> > a cold start, I have to be quick to hit the F12 key, which then allows
> > me to specify whether to boot Windows or FreeBSD. I'm not sure how
> > Lenovo's BIOS setup works, but I'm pretty sure that it should have
> > something similar.
> >
>
> Adding a boot-entry can also be accomplished with efibootmgr. This is
> effectively what the installer in -CURRENT does, copying loader to
> \EFI\FreeBSD on the ESP and using efibootmgr to insert a "FreeBSD"
> entry for that loader and activating it.


Re: freebsd-12 and bhyve and the azure platform

2019-01-26 Thread Paul Vixie




tech-lists wrote on 2019-01-26 16:17:

> Is it possible to migrate a bhyve freebsd instance/image to Azure? Or
> does one have to have the instance initially provisioned via their
> marketplace?


bhyve does not participate in the virtualbox/vmware/etc ecosystem where 
"appliances" in the form of "open virtualization format" files can be 
exported and imported. this in turn means that you would have to 
manually control the parameters of an azure instance to be sure that it 
can contain your existing system image.


i would expect you to use dump | restore, or zfs dump | zfs restore, to 
move a system image from one container strategy (or bare metal) to 
another (such as azure), after first booting a rescue image inside the 
destination container. you'd then fine-tune your /etc/rc.conf file to 
have whatever settings were appropriate for the new container.


i know that's somewhat old school, but, that's one reason to love bhyve.

--
P Vixie



freebsd-12 and bhyve and the azure platform

2019-01-26 Thread tech-lists

Hello,

Is it possible to migrate a bhyve freebsd instance/image to Azure? Or
does one have to have the instance initially provisioned via
their marketplace?


thanks,
--
J.


Re: FreeBSD update & custom kernel

2019-01-26 Thread O'Connor, Daniel



> On 25 Jan 2019, at 21:19, Esa Karkkainen  wrote:
> 
> On Fri, Jan 25, 2019 at 05:03:32PM +1030, O'Connor, Daniel wrote:
>> Hi everyone,
> 
> Hi Daniel,
> 
>> Is it feasible for freebsd-update to update the source before the
>> first reboot so a custom kernel can be built?
> 
> It's a hack, but sorta kinda yes.
> 
> Use freebsd-update to update only the source, and follow the
> instructions here:
> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html 
> Which suggests to use svn to update sources instead of freebsd-update.

Yes, I would have thought it's probably more efficient to use svn!

> Or you can use two separate freebsd-update config files, one
> modified to exclude i.e. remove "src" from "Components" line, and new
> copied from the default which excludes everything except the sources i.e.
> "Components src".
> 
> Update only the source, build world and kernel(s), install the locally
> built kernel and then the normal freebsd-update.

OK, interesting idea - I'll try it next time and see how I go.

Thanks!

--
Daniel O'Connor
"The nice thing about standards is that there
are so many of them to choose from."
 -- Andrew Tanenbaum

