geli + ufs + ROOT MOUNT ERROR

eyebone · Dec 8, 2009

Hello forum,

ive tried to install 8.0 on my recent buyed t400s. sadly after several tries i run into the same error with the installation. currently i cannot figure out the problem, i did the same for other versions like 6.x or 7.x.

so after installing fbsd with an encrypted root filesystem using mainly the steps described in this howto:

http://www.wanda25.de/geli.html

i get a "ROOT MOUNT ERROR"

anybody already built 8.0 with encrypted rootfilesys? or has any ideas what the reason for this problem could be?

checking for a list of devices at this point

Code:

>mountroot?

acd0 ufsid/<someid> ad4s1a ad4s2 ad4s1 ad4

Thank you for your response.

graudeejs · Dec 8, 2009

Yes, i'm running geli encrypted disks....

you're problem is that your geli isn't started....
you're disk should look like this ad4s1a.eli or ad4.elis1a or ad4s1.elia.

Since you said ad4s1a, when geli attach disk it should be ad4s1a.eli

you probably forgot to set -b flag when you did geli init

[thinking how to fix quickly...]

graudeejs · Dec 8, 2009

Ok, i figured it out.... [if this is the case]

you'll need to boot to fixit mode [use DVD, livefs cd or usb flash]
there you need to

Code:

# ln -s /dist/boot/kernel /boot/kernel
# ln -s /dist/lib /lib
# kldload geom_eli
# geli configure -b /dev/ad0s1a
....

repeat geli configure for all disks/slices/labels depending on how you initialized geli in first place} that are encrypted and should be mounted on root, except swap

reboot and report

or you forgot to create custom kernel or

Code:

echo geom_eli_load=\"YES\" >> /mnt[b]/boot/loader.conf[/b]

or more scenarios... that I'll tell after you tell if things mentioned here helped already or not

eyebone · Dec 8, 2009

or more scenarios... that I'll tell after you tell if things mentioned here helped already or not

thank you for responding. so. those did not solve the problem. ive created the device ad4s2.eli via geli -b [...] before, but also ran some "configure" on it now -> no result, i put the geom eli load to the loader on the first slice already and checked for it again, no spelling errors. also on /boot/etc/ an rc.conf exists with the entry of:

Code:

geli_devices="ad4s2"

before i forget:

ad4s1a is /boot
ad4s2 consists of the whole geli crypto device

also on /boot in etc the fstab exists with:

Code:

/dev/ad4s2.elia / ufs rw 1 1
/dev/ad4s2.elib none swap sw 0 0

ok, iam interested in the next steps

graudeejs · Dec 8, 2009

Do you boot using flash?

eyebone · Dec 8, 2009

yes, ive got a ssd device in here

graudeejs · Dec 8, 2009

do you use password? Keyfile? both? to encrypt/decrypt

eyebone · Dec 8, 2009

killasmurf86 said:
do you use password? Keyfile? both? to encrypt/decrypt

was the line i used:
geli init -b -v -e aes -l 128 /dev/ad4s2

so, only password encryption here currently.

graudeejs · Dec 8, 2009

OK please show /boot/loader.conf and /etc/fstab on your flash.

also show ls output of / and /boot of flash you're using to boot from

eyebone · Dec 8, 2009

oh no

iam sorry. i put the loader.conf to the slash of /boot and not /boot/boot

recognized this during cat'ing the file. thank you for your help!

graudeejs · Dec 9, 2009

It's not /boot/boot. It's boot on your flash root (/) ==> /boot

eyebone · Dec 15, 2009

yes yes

we talking about the same, thanx again works like a charm now