Another Install with full disk encryption problem thread

I am a complete noob when it comes to FreeBSD. I have been using Debian for the better part of 3 years so I decided to make the switch on my media server because ZFS sounds like something I could use. The steps I am using are a compilation of many other people's install guides. I chose not to use some of those for various reasons.

I want a fully encrypted disk (ada4) with / and swap on a 500g hard drive using UFS. I want /boot and the boot code to be on a flash drive which is da1.

The steps I am trying

1. Boot from the FreeBSD CD.
2. Get to the part where it asks about partitioning.
3. Select shell.

######################################################
I set up the encrypted drive.

4. gpart destroy -F ada4
5. gpart destroy -F da1
6. geli init -s 4096 -b -l 256 /dev/ada4
7. input passphrase
8. geli attach /dev/ada4
9. gpart create -s gpt /dev/ada4.geli
10. gpart add -s 460G -t freebsd-ufs /dev/ada4.eli
11. gpart add -s 4G -t freebsd-swap /dev/ada4.eli
12. newfs -E -U -m 0 -j /dev/ada4.elip1
13. mount /dev/ada4 /mnt

###############################################
Now here is the flash drive.

14. gpart create -s mbr /dev/da1
15. gpart add -s 500M -t freebsd-boot /dev/da1
16. newfs -E -U -m 0 -j /dev/da1s1
17. mount /dev/da1s1 /boot
18. gpart bootcode -b /boot/pmbr /dev/da1

##########################################################

18. exit
At this point the install begins, when install finishes I select to go to a shell before rebooting.

19. mv boot /da1s1/boot
20. ln -fs /da1s1/boot

###########################################################

I now modify /da1sa/boot/loader.conf.

Code:
vfs.root.mountfrom="ufs:/dev/ada4.elip1"
aesni_load="YES"
geom_eli_load="YES"
##################################################################

Finally I modify fstab.

Code:
/dev/ada4.elip1        /          ufs       rw       0          0
/dev/da1s1               /boot  ufs       rw       1          1
###################################################################

When I attempt to boot from flash drive I get the message "Invalid partition Table"


Thank you in advance.
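
A check for the loader.conf and fstab pair described in the post above, as an added example that is not part of the original thread: it confirms that the root device named in vfs.root.mountfrom matches the fstab entry for /, that geom_eli_load is set when that device is a GELI provider, and that values use plain ASCII quotes. The function names and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: consistency check for a GELI-root loader.conf / fstab pair.

# Print a loader.conf variable's value; empty if absent or not name="value"
# with plain ASCII double quotes.
loader_get() {  # $1 = file, $2 = variable
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print the device that an fstab file mounts at the given mount point.
fstab_dev() {  # $1 = file, $2 = mount point
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $1 }' "$1"
}

# Return 0 if consistent; otherwise print each problem and return 1.
check_geli_root() {  # $1 = loader.conf, $2 = fstab
    rc=0
    if grep -q -e '“' -e '”' "$1"; then
        echo "loader.conf: typographic quotes; use ASCII \" only"; rc=1
    fi
    root=$(loader_get "$1" vfs.root.mountfrom)
    [ -n "$root" ] || { echo "loader.conf: vfs.root.mountfrom not set"; rc=1; }
    dev=${root#*:}          # strip the "ufs:" filesystem prefix
    case "$dev" in
        *.eli*)             # root lives on a GELI provider
            [ "$(loader_get "$1" geom_eli_load)" = "YES" ] ||
                { echo "loader.conf: geom_eli_load is not YES"; rc=1; } ;;
    esac
    fsdev=$(fstab_dev "$2" /)
    if [ -n "$dev" ] && [ "$fsdev" != "$dev" ]; then
        echo "fstab: / is '$fsdev' but the loader mounts '$dev'"; rc=1
    fi
    return $rc
}

# Constructed sample files (not taken from a real system).
tmp=$(mktemp -d)
printf '%s\n' 'vfs.root.mountfrom="ufs:/dev/ada4.elip1"' 'aesni_load="YES"' \
    'geom_eli_load="YES"' > "$tmp/loader.good"
printf '%s\n' 'vfs.root.mountfrom=”ufs:/dev/ada4.elip1”' \
    'geom_eli_load=”YES”' > "$tmp/loader.bad"
printf '%s\n' '/dev/ada4.elip1 / ufs rw 0 0' \
    '/dev/da1s1 /boot ufs rw 1 1' > "$tmp/fstab"
check_geli_root "$tmp/loader.good" "$tmp/fstab" && echo "good pair: consistent"
check_geli_root "$tmp/loader.bad" "$tmp/fstab" || echo "bad pair: rejected"
```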
 
Re: Another Installing with FDE problem thread. Please help.

First of all, I have no idea if you can do what you want with the flash drive. That being said, the flash drive MBR setup is very wrong. For example, step 16 is putting a new filesystem on a slice, not a partition. That makes no sense in any scenario. Take a look at http://www.wonkity.com/~wblock/docs/html/disksetup.html courtesy of @wblock@ for the correct way to set up an MBR disk for FreeBSD.
 
Re: Another Installing with FDE problem thread. Please help.

Thanks trh411. There is some good information on that page. Having only ever used Windows and Linux I was not even aware of a "slice" until yesterday. I have only dealt with partitions and volumes in the past.

I was under the assumption that FreeBSD wouldn't be that different than say Debian or another Linux variant. I was wrong.
 
Re: Another Installing with FDE problem thread. Please help.

BSDnoobGuy said:
I am now wondering if I should just use the Debian spin that has a FreeBSD kernel. Does anyone know if the ZFS implementation for that is user space or kernel space?
Interesting. I was not aware of the Debian GNU/kFreeBSD project. The FreeBSD implementation of ZFS is in kernel space. The ZFS kernel modules get loaded early in the boot process. There is no user-land software to install for ZFS support in FreeBSD. I don't see how or why that would change for the Debian GNU/kFreeBSD project.

Maybe best to ask this question on a Debian forum as to how ZFS support will be implemented?
 
Re: Another Installing with FDE problem thread. Please help.

Ultimately what I am trying to accomplish is the setup I had been using on my Debian server for a long time.

I had /boot on a USB flash drive. When it's inserted the server can be booted.
Then I had a fully encrypted disk with an LVM (Logical Volume Manager) with 3 partitions inside the LVM. They were "/", swap and "/home".

I will continue reading more about FreeBSD over the next day or so and re-attempt to accomplish my goal.

I appreciate all help that has been given thus far.
 
Could someone point me to a relatively straightforward guide to installing BSD to a fully encrypted disk with ZFS? The only unencrypted partition would be on a USB flash drive.

Thank you,
BSDnoobGuy
 
The FreeBSD installation is very straightforward. If you plan to install FreeBSD-10.0-RELEASE, which I would recommend, you can take the "ZFS on Root" option during the installation and select encryption at that point. This will set up ZFS for you. Otherwise the installation will be as described in the Handbook.
 
trh411 said:
I would recommend, you can take the "ZFS on Root" option during the installation and select encryption at that point. This will set up ZFS for you.

This does not accomplish my goal. If I choose this option I will end up with an unencrypted partition on my hard drive where the boot code lives. I would like the unencrypted partition on a USB flash drive.
 