Unable to boot FreeBSD memstick image from write-protected memstick

[mnvn]

Hello everyone,

I decided to drop out DVD drive from my servers and use memory stick (memstick/pendrive/flash drive whatever, it's all the same) as a FreeBSD installation source. I bought the brand-new PQI Cooldrive for this purpose, because it has hardware write protection - you know, to safely use it on untrusted systems.

I've downloaded the FreeBSD-9.0-RELEASE-amd64-memstick.img and copied it using

dd if=FreeBSD-9.0-RELEASE-amd64-memstick.img of=/dev/da0 bs="10240" conv="sync"

(method recommended on 9.0 release announcement site).

To my suprise, when I tried to boot system from it with hardware-write-protection=ON it refused to mount root file system - kernel loaded, but after I received error message.

I was very suprised, so I tried to boot from the same memstick with hardware-write-protection=OFF. System booted and ran bsdinstall. After this I turned off the server and removed the memstick. Then, on another machine with FreeBSD installed I dumped the image from memstick using

dd if=/dev/da0 of=dumped.img bs=1024 count=669632

(bs * count = size of original image file)

and noticed that checksums are different. After binary comparison I've noticed 29 differences with original image file - so the installer modified something on memstick.

I've done the same procedure on another, classic memstick without write protection and got the same result - checksum is different.

Then I've compared checksums from those two memsticks - there were different.

----

So, why FreeBSD 9.0-RELEASE memstick image need to modify something on memstick from which it booted? Obviously, this doesn't take place when it is booted from DVD. It is really important for me to boot from write-protected media.


Thank you for your time
Marek

 

[SirDice]

So, why FreeBSD 9.0-RELEASE memstick image need to modify something on memstick from which it booted?

It may not be obvious but it writes to /var/log/messages for example.

Obviously, this doesn't take place when it is booted from DVD.

It's set up differently, the CD/DVD makes use of mdmfs(8).

It is really important for me to boot from write-protected media.

In that case I think you'll need to "roll your own".

 

[mnvn]

It looks like in attachment (sorry for low resolution, huge limitations apply here).

 

[mnvn]

I've also noticed that the same problem occurs when I try to mount the hardware-write-protected memstick normally (with 'mount' command), on running system.

 

[SirDice]

The mount(8) command will try to mount read/write by default.

 

[mnvn]

Ow, you're right. But on the boot stage the memstick is mounted as 'ro' and problem occurs.

 

[SirDice]

After the fsck(8) the root filesystem is re-mounted read/write.

 

[mnvn]

OK, but on the attached screenshot I don't see any fsck. I only see that "file system is clean, skipping checks' and then it tries to mount root filesystem as read/write, don't know why. Previously it was mounted as read only.

 

[SirDice]

13.6 Init: Process Control Initialization

 

[mnvn]

OK... but why is it possible to mount CD read-only and boot/install from it, but with memstick there are such problems? I understand that memstick is treated differently, but in my opinion system should be able to use it as read-only media, just as like CD.

 

[SirDice]

As I said before, the CD/DVD is set up differently. The memory stick is installed just like a 'normal' harddrive.

 

[mnvn]

OK, I just wanted to know and suggest. Thank you Sir for your time.