FreeBSD encrypted ZFS without boot partition

JohnnySorocil

Active Member

Reaction score: 33
Messages: 125

Hi

I am trying to install FreeBSD 11.0-RELEASE on the GELI encrypted ZFS pool without /boot on a separate unencrypted partition.
I tried this on real hardware (ThinkPad T420s laptop) and under VirtualBox (both with UEFI) without luck.

These are the steps which I tried:
Code:
# boot FreeBSD 11.0-RELEASE amd64 disk1
# install
# shell: Open a shell and partition by hand

gpart create -s gpt ada0
# create FAT16 1MB aligned 100 MB big efi partition
gpart add -t efi -s 100M -a 1M -l efi ada0
# freebsd-boot shouldn't be bigger than 512K (boot code limitations)
gpart add -t freebsd-boot -s 512k -a 1M ada0
gpart add -t freebsd-zfs -a 1M -s 60G -l vm_zfs_test ada0
gpart add -t freebsd-swap -a 1M -s 1G -l swap ada0

newfs_msdos -F 16 -L FreeBSD_EFI /dev/gpt/efi
mkdir /tmp/efi
mount -t msdosfs /dev/gpt/efi /tmp/efi
mkdir -p /tmp/efi/efi/boot
cp /boot/boot1.efi /tmp/efi/efi/boot/bootx64.efi
umount /tmp/efi

geli init -e AES-XTS -l 128 -s 4096 -b /dev/gpt/vm_zfs_test
geli attach /dev/gpt/vm_zfs_test
geli configure -b /dev/gpt/vm_zfs_test.eli
# I have also tried this, without success
#geli configure -g /dev/gpt/vm_zfs_test

# write bootcode to the freebsd-boot partition:
gpart bootcode -p /boot/gptzfsboot -i 2 ada0
# I have also tried this:
#gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 2 ada0

zpool create -R /mnt -O canmount=off -O mountpoint=none -O atime=off -O compression=on vm_zfs_test /dev/gpt/vm_zfs_test.eli
zfs create -o canmount=off -o mountpoint=none vm_zfs_test/ROOT
zfs create -o mountpoint=/ vm_zfs_test/ROOT/master
zfs set canmount=noauto vm_zfs_test/ROOT/master

# Tried this also:
#zpool set bootfs=vm_zfs_test/ROOT/master vm_zfs_test

exit
# finish install
# reboot

I have tried to make encrypted ZFS + UFS root following this howto:
https://forums.freebsd.org/threads/51393/
and that will work.
After that I tried to convert that setup to ZFS only following this:
https://forums.freebsd.org/threads/57711/
But that wouldn't work.

It reports:
Code:
Failed to load '/boot/loader.efi'
panic: No bootable partition found!
If I understand correctly, FreeBSD 11.0 should be able to boot from ZFS only encrypted partition.
Should I have a freebsd-boot partition for this setup?
Can someone explain to me how to boot /boot/loader.efi from an encrypted ZFS root partition?
Thanks!
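The layout in the steps above can be sanity-checked before rebooting. The script below is an added example, not code from the post or from FreeBSD, and it parses constructed `gpart show ada0` and `geli list` output embedded in the script rather than querying a live system. It checks the three things the steps depend on: an efi partition exists, the freebsd-boot partition is at most 512K (the gptzfsboot size limit the post mentions), and the GELI provider carries the BOOT flag. It assumes 512-byte disk sectors, since gpart reports sizes in sectors. Note that `geli init -b` already sets the BOOT flag, so the later `geli configure -b` is redundant; the check confirms the flag either way.

```shell
#!/bin/sh
# Added example: verify the partition layout and GELI boot flag before reboot.
# Assumes 512-byte sectors; sample outputs below are constructed, not captured.

# Constructed sample of `gpart show ada0` output matching the post's layout.
SAMPLE_GPART='=>        40  128135168  ada0  GPT  (61G)
          40       2008        - free -  (1.0M)
        2048     204800     1  efi  (100M)
      206848       1024     2  freebsd-boot  (512K)
      207872       1024        - free -  (512K)
      208896  125829120     3  freebsd-zfs  (60G)
   126038016    2097152     4  freebsd-swap  (1.0G)'

# Same layout, but freebsd-boot made 1M: larger than the boot code allows.
SAMPLE_GPART_BAD='=>        40  128135168  ada0  GPT  (61G)
          40       2008        - free -  (1.0M)
        2048     204800     1  efi  (100M)
      206848       2048     2  freebsd-boot  (1.0M)
      208896  125829120     3  freebsd-zfs  (60G)
   126038016    2097152     4  freebsd-swap  (1.0G)'

# Constructed excerpt of `geli list` for the attached provider.
SAMPLE_GELI='Geom name: gpt/vm_zfs_test.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 128
Flags: BOOT
Providers:
1. Name: gpt/vm_zfs_test.eli
   Sectorsize: 4096
Consumers:
1. Name: gpt/vm_zfs_test
   Sectorsize: 512'

# Return 0 when the gpart output lists a partition of type efi.
efi_part_present() {
    printf '%s\n' "$1" | awk '$4 == "efi" { found = 1 } END { exit !found }'
}

# Return 0 when a freebsd-boot partition exists and is at most 1024 sectors
# (512K at 512 bytes/sector), which is what gptzfsboot fits in.
boot_part_ok() {
    printf '%s\n' "$1" | awk '
        $4 == "freebsd-boot" { found = 1; if ($2 > 1024) toobig = 1 }
        END { exit !(found && !toobig) }'
}

# Return 0 when the Flags: line of `geli list` contains BOOT
# (also matches "BOOT, GELIBOOT", but not a bare "GELIBOOT").
geli_boot_flag_set() {
    printf '%s\n' "$1" | awk '
        $1 == "Flags:" && $0 ~ /[ ,]BOOT(,|$)/ { found = 1 }
        END { exit !found }'
}

# Run all checks, print one line per check, return nonzero on any failure.
check_layout() {
    rc=0
    if efi_part_present "$1"; then echo "ok: efi partition present"
    else echo "missing: efi partition"; rc=1; fi
    if boot_part_ok "$1"; then echo "ok: freebsd-boot present and <= 512K"
    else echo "bad: freebsd-boot missing or larger than 512K"; rc=1; fi
    if geli_boot_flag_set "$2"; then echo "ok: GELI BOOT flag set"
    else echo "bad: GELI BOOT flag not set (geli init -b / geli configure -b)"; rc=1; fi
    return $rc
}

check_layout "$SAMPLE_GPART" "$SAMPLE_GELI"
```

On a real system, replace the two sample strings with `"$(gpart show ada0)"` and `"$(geli list)"`; the functions take the text as their first argument, so they can also be fed saved output from another machine.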

JohnnySorocil

Oh, it seems that booting from UEFI and an encrypted ZFS root partition is not yet supported.
But it works without UEFI (FreeBSD 11.0-RELEASE installer will take care of that).