Re: full disk encryption with geli - where does the stuff in /boot/kernel
On 04/10/2011 09:34 PM, Gil Mordron wrote: # mount /dev/ad0.elia /fixed # export DESTDIR=/fixed/ # cd /dist/6.0-RELEASE/base ./install.sh The 'base' distribution does not include any kernels. Take a look in /dist/6.0-RELEASE/kernels for those. Note that kernels/install.sh will not populate /boot/kernel either; instead, it'll drop the kernel into /boot/GENERIC (for the generic kernel) for you to do with as you wish. -- Fuzzy love, -CyberLeo Technical Administrator CyberLeo.Net Webhosting http://www.CyberLeo.Net cyber...@cyberleo.net Furry Peace! - http://.fur.com/peace/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
full disk encryption with geli - where does the stuff in /boot/kernel
I am attempting to set up full disk encryption with GELI, booting from an unencrypted thumb drive, using the following PDF by Marc Schiesser as a guide: http://events.ccc.de/congress/2005/fahrplan/attachments/586-paper_Complete_Hard_Disk_Encryption.pdf In section 3.5.5, The removable medium, it says to copy everything from the fixed disk's boot directory to the thumb drive, and then zip up various things from the removable disk's boot/kernel directory (the fixed disk is mounted as /fixed and the removable as /removable): # cp -Rpv /fixed/boot /removable # cd /removable/boot/kernel # gzip kernel geom_eli.ko acpi.ko My issue is that there is nothing in /removable/boot/kernel. Obviously whatever would be there would have come from the cp -Rpv /fixed/boot /removable line, so I checked in /fixed/boot/kernel, and there's nothing there either. Presumably whatever would be in /fixed/boot/kernel would have been placed there in the previous step, section 3.5.4, which includes: # mount /dev/ad0.elia /fixed # export DESTDIR=/fixed/ # cd /dist/6.0-RELEASE/base ./install.sh That did create a bunch of stuff on /fixed, including /fixed/boot and even /fixed/boot/kernel, but it did not place any files in /fixed/boot/kernel. One difference that I should mention at this point is that I'm using 8.2, not 6.0, so I actually did a cd /dist/8.2-RELEASE/base instead of the cd /dist/6.0-RELEASE/base that the document suggests. Other than that, I think I did everything the same as it suggests. Is there a step missing in the document? Or did I screw something up? In any case, can I just copy the necessary files to /removable/boot/kernel from /dist/boot/kernel instead of from /fixed/boot/kernel? Or do I have to get them in some other way? And what files are needed? Obviously kernel, geom_eli.ko, and acpi.ko, and I believe that geom_eli.ko requires both zlib.ko and crypto.ko, but do I have to get any other files, too? Thanks in advance for any help. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: full disk encryption with geli - where does the stuff in /boot/kernel
Oh, one other difference between what I've done and what the document says to do: I don't actually have a /dev/ad0. I have ad4, ad5, and ad6. Wherever the document says /dev/ad0, I've been using /dev/ad4 instead. I'm guessing that this is not important to the problem I'm facing, but I figured I should mention in just in case my guess is wrong. From: Gil Mordron gilmord...@yahoo.com To: freebsd-questions@freebsd.org Sent: Sun, April 10, 2011 10:34:42 PM Subject: full disk encryption with geli - where does the stuff in /boot/kernel I am attempting to set up full disk encryption with GELI, booting from an unencrypted thumb drive, using the following PDF by Marc Schiesser as a guide: http://events.ccc.de/congress/2005/fahrplan/attachments/586-paper_Complete_Hard_Disk_Encryption.pdf In section 3.5.5, The removable medium, it says to copy everything from the fixed disk's boot directory to the thumb drive, and then zip up various things from the removable disk's boot/kernel directory (the fixed disk is mounted as /fixed and the removable as /removable): # cp -Rpv /fixed/boot /removable # cd /removable/boot/kernel # gzip kernel geom_eli.ko acpi.ko My issue is that there is nothing in /removable/boot/kernel. Obviously whatever would be there would have come from the cp -Rpv /fixed/boot /removable line, so I checked in /fixed/boot/kernel, and there's nothing there either. Presumably whatever would be in /fixed/boot/kernel would have been placed there in the previous step, section 3.5.4, which includes: # mount /dev/ad0.elia /fixed # export DESTDIR=/fixed/ # cd /dist/6.0-RELEASE/base ./install.sh That did create a bunch of stuff on /fixed, including /fixed/boot and even /fixed/boot/kernel, but it did not place any files in /fixed/boot/kernel. One difference that I should mention at this point is that I'm using 8.2, not 6.0, so I actually did a cd /dist/8.2-RELEASE/base instead of the cd /dist/6.0-RELEASE/base that the document suggests. Other than that, I think I did everything the same as it suggests. Is there a step missing in the document? Or did I screw something up? In any case, can I just copy the necessary files to /removable/boot/kernel from /dist/boot/kernel instead of from /fixed/boot/kernel? Or do I have to get them in some other way? And what files are needed? Obviously kernel, geom_eli.ko, and acpi.ko, and I believe that geom_eli.ko requires both zlib.ko and crypto.ko, but do I have to get any other files, too? Thanks in advance for any help. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
disk encryption with geli
hi all i am going to encrypt my /home directory which is mounted in /etc/fstab like /dev/ad0s2f /home ufs rw,noatime 2 2 I did like is wrote in http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html everything looks good. ad0s2f.eli appears in /dev and so on. I can mount it, umount and so. but after reboot, I am dropped to single user mode because of en error message which says that there is an inconsistency at /dev/ad0s2f do i have to encrypt whole ad0 or it is possible to encrypt only my /home? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: disk encryption with geli
In response to Stefan Miklosovic miklosovic.free...@gmail.com: hi all i am going to encrypt my /home directory which is mounted in /etc/fstab like /dev/ad0s2f /home ufs rw,noatime 2 2 I did like is wrote in http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html everything looks good. ad0s2f.eli appears in /dev and so on. I can mount it, umount and so. but after reboot, I am dropped to single user mode because of en error message which says that there is an inconsistency at /dev/ad0s2f do i have to encrypt whole ad0 or it is possible to encrypt only my /home? You can do what you're attempting, I'm doing it in several places without problem. I suspect that you have the startup config wrong in /etc/rc.conf or in /etc/fstab. Make sure you're mounting the encrypted partition in /etc/fstab (i.e. /dev/ad0s2f.eli and not /dev/ad0s2f) and make sure you have all the geli startup config in /etc/rc.conf per the document you referenced. If that's not enough to help you, please provide your /etc/rc.conf, and /etc/fstab, along with copy/paste of the exact error message you're seeing. -- Bill Moran http://www.potentialtech.com http://people.collaborativefusion.com/~wmoran/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: disk encryption with geli
On Fri, 24 Jul 2009 17:17:49 +0200 Stefan Miklosovic miklosovic.free...@gmail.com wrote: hi all i am going to encrypt my /home directory which is mounted in /etc/fstab like /dev/ad0s2f /home ufs rw,noatime I think that should be /dev/ad0s2f.eli in fstab. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org