FreeBSD 10.2 on GELI Encryption - OS Independent Booting

AHR Inc

PROS: Two OSes taking full advantage of machine resources

CONS: Missing data-sharing capabilities, but a fix is upcoming.

So far so good, dual booting Windows 7 and FreeBSD while taking full advantage of the machine resources. The mix involves hosting the FreeBSD root partition on the same hard drive as Windows but booting from an SD/USB drive … may be tested beyond the two mentioned OSes.

It is recommended to install Windows 7 first and leave a partition for FreeBSD. Assuming you investigated the system and gained info on which MBR partition you’re going to host your FreeBSD root on, and your boot SD/USB flash memory is at least 2GB, you are ready to customize the following code to fit your needs (the first three DK_ vars need editing; pay attention to lines 22 and 24, where -i 4 needs editing; the rest of the code should work):

Code:
#!/bin/sh

DK_fix="ada0"
DK_part="${DK_fix}s4"
DK_usb="da0"

promptyn(){
  while true; do
  read -p "$1 " yn
  case $yn in
  [Yy]* ) return 0;;
  [Nn]* ) return 1;;
  * ) echo "Please answer yes or no.";;
  esac
  done
}

PART_fix(){
  # Well, first I'll try to delete the partition reserved for FreeBSD.
  # Note: -i 4 (index 4) may be different on other installs/configs.
  echo "Wait few min until we wipe /dev/${DK_part}"
  dd if=/dev/zero of=/dev/${DK_part} bs=1M  count=1600

  gpart delete -i 4 ${DK_fix}
  sleep 2
  gpart add -t freebsd ${DK_fix}
  sleep 1
  gpart create -s bsd ${DK_part}
  sleep 1

  # Add a partition for the freebsd root directory
  gpart add -s 260G -t freebsd-ufs ${DK_part}
  sleep 2
  gpart add -s 9G -t freebsd-swap ${DK_part}
  sleep 2
  glabel label swap /dev/${DK_part}b
  sleep 1
  echo "Done Adding partitions root and swap to ${DK_part}"
}
# -------------------------------------------------------------

PART_usb(){
  # USB disk as boot (I am using a 32G SD card)
  dd if=/dev/zero of=/dev/${DK_usb} bs=64K  count=1600
  sleep 2

  gpart create -s mbr ${DK_usb}
  sleep 2

  gpart bootcode -b /boot/mbr ${DK_usb}
  sleep 2

  gpart add -t freebsd ${DK_usb}
  sleep 2
  gpart set -a active -i 1 ${DK_usb}
  sleep 1

  #Create BSD slice for MBR disk
  gpart create -s bsd ${DK_usb}s1
  sleep 2

  gpart bootcode -b /boot/boot ${DK_usb}s1
  sleep 2

  # one G for boot files
  gpart add -t freebsd-ufs -a 4k -s 1G ${DK_usb}s1
  sleep 2
  glabel label boot /dev/${DK_usb}s1a
  sleep 2

  echo "Done creating MBR on USB disks"
}
# -------------------------------------------------------------

PART_geli(){
  # Create a folder to store GELI related files on /boot
  mkdir -p /tmp/bsdinstall_boot/prv
  sleep 1

  # Create a key file
  dd if=/dev/random of=/tmp/bsdinstall_boot/prv/the.key bs=64 count=1
  sleep 1

  # Initialise the GELI device to encrypt (-K writes a new key file for init; -k reads an existing one for attach)
  geli init -e AES-XTS -l 128 -s 4096 -b -K /tmp/bsdinstall_boot/prv/the.key /dev/${DK_part}a
  sleep 2

  # Attach the GELI device
  geli attach -k /tmp/bsdinstall_boot/prv/the.key /dev/${DK_part}a
  sleep 2
  echo "Done Configuring the GELI container"
}
# -------------------------------------------------------------

PART_fsys(){
  # Create File Systems
  newfs -U /dev/${DK_usb}s1a
  sleep 1
  newfs -U /dev/${DK_part}a.eli
  sleep 1
  echo "Done Creating File Systems"
}
# -------------------------------------------------------------

PART_mnt(){
  # Mount the /boot and other tasks
  mount /dev/${DK_part}a.eli /mnt
  sleep 2
  mkdir /mnt/yourchoice
  mount /dev/${DK_usb}s1a /mnt/yourchoice
  sleep 2
  mkdir /mnt/yourchoice/boot
  mkdir /mnt/yourchoice/boot/prv
  cd /mnt
  ln -s yourchoice/boot /mnt/boot
  sleep 2
  cp /tmp/bsdinstall_boot/prv/the.key /mnt/yourchoice/boot/prv/the.key
  sleep 2
}
# -------------------------------------------------------------

PART_cfg(){
  # Create preliminary fstab (bsdinstall installs /tmp/bsdinstall_etc/fstab into the new system)
  echo "# Device  Mountpoint  FStype  Options  Dump  Pass" > /tmp/bsdinstall_etc/fstab
  echo "/dev/${DK_part}a.eli  /  ufs  rw  1  1" >> /tmp/bsdinstall_etc/fstab
  echo "/dev/${DK_usb}s1a  /yourchoice  ufs  rw  2  2" >> /tmp/bsdinstall_etc/fstab
  echo "/dev/${DK_part}b.eli  none  swap  sw  0  0" >> /tmp/bsdinstall_etc/fstab
  sleep 2

  # Create loader.conf
  echo "aesni_load=\"YES\"" > /tmp/bsdinstall_boot/loader.conf
  echo "geom_eli_load=\"YES\"" >> /tmp/bsdinstall_boot/loader.conf
  echo "geli_${DK_part}a_keyfile0_load=\"YES\"" >> /tmp/bsdinstall_boot/loader.conf
  echo "geli_${DK_part}a_keyfile0_type=\"${DK_part}a:geli_keyfile0\"" >> /tmp/bsdinstall_boot/loader.conf
  echo "geli_${DK_part}a_keyfile0_name=\"/boot/prv/the.key\"" >> /tmp/bsdinstall_boot/loader.conf
  echo "vfs.root.mountfrom=\"ufs:${DK_part}a.eli\"" >> /tmp/bsdinstall_boot/loader.conf
  sleep 2
  echo "Done Creating Preliminary files"
}

# -------------------------------------------------------------

PART_fix
if promptyn "Do you want to continue to USB? (Y/n)"; then
  PART_usb
  if promptyn "Do you want to continue to GELI? (Y/n)"; then
    PART_geli
    if promptyn "Do you want to continue to File SYS? (Y/n)"; then
      PART_fsys
      if promptyn "Do you want to continue to Mounting TMPs? (Y/n)"; then
        PART_mnt
        if promptyn "Do you want to continue to CONFIG TMPs? (Y/n)"; then
          PART_cfg
          gpart show | more
          if promptyn "Ready to exit shell and continue freebsd install? (Y/n)"; then
            exit
          else
            exit 1
          fi
        else
          exit 1
        fi
      else
        exit 1
      fi
    else
      exit 1
    fi
  else
    exit 1
  fi
else
  exit 1
fi

After customizing the code, follow these instructions:
  1. Insert a FreeBSD DVD into your CD drive and boot from it.
  2. Select install and continue through the installation process, setting whatever options you want, until you get to the "Partitioning" menu, where you should select "Shell".
  3. Insert the bootable SD/USB flash memory – here you will see on the screen whether DK_usb in the code is da0, da1 or whatever. Take note and make sure the above code is corrected.
  4. After all modifications, copy the code to another memory stick as the file fbsd.sh.
  5. Insert your memory stick in a USB port of the computer on which you started the FreeBSD install.
  6. The screen will show you the device name, e.g. da2 or da4.
  7. Create a mount point: mkdir /tmp/usb
  8. Assuming it's an MBR partition, you should mount the drive with
  9. mount -t msdosfs /dev/da1s1 /tmp/usb
  10. Make sure you have the file with cat /tmp/usb/fbsd.sh
  11. chmod +x /tmp/usb/fbsd.sh
  12. sh /tmp/usb/fbsd.sh and answer yes to all prompts if there are no errors.
  13. Type exit after the code has finished and continue the installation.
  14. … when ready to reboot, make sure you have only the boot SD/USB plugged in, and no CD either.

References:
https://vesterman.com/FreeBSD/FullDiskEncryption
http://www.wonkity.com/~wblock/docs/html/disksetup.html
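The riskiest step in the script above is PART_fix: it zeroes DK_part with dd and then runs `gpart delete -i 4` on DK_fix, so a DK_part that does not match the hard-coded index, or an index that points at one of the Windows slices, destroys the wrong partition. The following pre-flight check is an added example written for this page; it is not part of the original post or its script. It derives the slice index from DK_part, looks that index up in `gpart show` output, and refuses unless the slice type is `freebsd`. It assumes the `gpart show` column layout of FreeBSD 10 (start, size, index, type, attributes); the `gpart show ada0` text embedded below is a constructed sample, not output captured from a real machine, and the names `slice_index`, `slice_type`, `preflight` and `DK_idx` are this example's own.

```shell
#!/bin/sh
# Added pre-flight check for the post's script (not part of the original code).
# PART_fix wipes DK_part with dd and then runs "gpart delete -i 4" on DK_fix,
# so the two must name the same slice, and that slice must not be a Windows
# (ntfs) one. These functions derive the index from DK_part and look it up in
# "gpart show DK_fix" output. The gpart text further down is a CONSTRUCTED
# sample standing in for "gpart show ada0"; it was not captured from a real box.

DK_fix="ada0"
DK_part="${DK_fix}s4"
DK_idx="4"          # the index hard-coded in PART_fix's "gpart delete -i 4"

# Derive the MBR slice index from a name such as ada0s4 -> 4.
# Returns non-zero if $1 does not have the form "<$2>s<digits>".
slice_index() {
  idx=${1#"$2"s}
  case "$idx" in
    ''|*[!0-9]*) return 1 ;;
  esac
  printf '%s\n' "$idx"
}

# Print the partition type of slice $1 from "gpart show" text on stdin.
# The "=>" header line is skipped; "- free -" lines never match a numeric index.
slice_type() {
  while read -r _start _size idx stype _rest; do
    [ "$_start" = "=>" ] && continue
    if [ "$idx" = "$1" ]; then
      printf '%s\n' "$stype"
      return 0
    fi
  done
  return 1
}

# preflight DISK SLICE INDEX   (gpart show text on stdin)
# Returns 0 only when INDEX matches SLICE and the slice type is "freebsd".
preflight() {
  idx=$(slice_index "$2" "$1") || { echo "cannot derive slice index from $2"; return 1; }
  if [ "$idx" != "$3" ]; then
    echo "index mismatch: DK_part=$2 implies -i $idx, but the script deletes -i $3"
    return 1
  fi
  stype=$(slice_type "$idx") || { echo "no slice $idx found on $1"; return 1; }
  case "$stype" in
    freebsd) echo "ok: $2 is slice $idx of type $stype"; return 0 ;;
    *) echo "refusing: slice $idx on $1 is $stype, not freebsd"; return 1 ;;
  esac
}

# Constructed sample of "gpart show ada0": three Windows slices and one
# freebsd slice reserved for the install, as the post recommends.
SAMPLE_GPART='=>       63  976773105  ada0  MBR  (466G)
         63       1985        - free -  (993K)
       2048     204800     1  ntfs  [active]  (100M)
     206848  390000000     2  ntfs  (186G)
  390206848     100000     3  ntfs  (49M)
  390306848  586466320     4  freebsd  (280G)
  976773168          0        - free -  (0B)'

# On a live system replace the sample with:  gpart show "$DK_fix" | preflight ...
printf '%s\n' "$SAMPLE_GPART" | preflight "$DK_fix" "$DK_part" "$DK_idx"
```

Run it in the installer shell before fbsd.sh (substituting the real `gpart show "$DK_fix"` for the sample), and only proceed on `ok:`. Once the index is derived rather than hard-coded, PART_fix can use `gpart delete -i "$idx" "$DK_fix"` and the manual "-i 4 needs editing" step disappears.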
 
