NetBSD-Users archive
Re: installation on UEFI system w/ encrypted filesystem
Hello,
I've been trying to re-install with some of the instructions provided, but sadly
to no avail.
> Are you on amd64 or aarch64? IIRC, load command doesn't work on
> aarch64 in efi boot.
I'm on amd64.
> In your case, you can rename "EFI system" to "cgd.conf" and copy
> cgd.conf to /mnt.
I've tried to accommodate for this in my new attempts.
What I'm trying to do now is having a separate boot partition, as can be seen
from the commands below, however I now get a 'loading hd0c:cgdroot.kmod FAILED'
error.
In addition to this, I am now using both cgd.conf and wd0a.conf files for
cgd configuration.
If I uncompress the sets to $BOOT, I do end up with a bootable system, so I
believe the problem lies in the cgd configuration, and/or cgdroot.kmod (since
I'm not even prompted for a password ever, and not so much on the EFI part of
the setup).
If anyone can shed any light on what I'm doing wrong it would be greatly
appreciated.
Please note, with regard to the boot.cfg file, I also tried:
* load /cgdroot.kmod
* load hd0c:/cgdroot.kmod
* load hd0c:cgdroot.kmod
Following are the instructions I'm following:
---
gpt destroy wd0
gpt create wd0
gpt add -a 2m -l "netbsd-cgd" -t ffs -s 234g wd0
gpt add -a 2m -l "swap" -t swap -s 2g wd0
gpt add -a 2m -l "cgd.conf" -t ffs -s 2g wd0
gpt add -a 2m -l "EFI system" -t efi wd0
EFI=`dkctl wd0 listwedges | grep msdos| cut -d':' -f1`
CGD=`dkctl wd0 listwedges | grep 'netbsd-cgd'| cut -d':' -f1`
BOOT=`dkctl wd0 listwedges | grep 'cgd.conf'| cut -d':' -f1`
SWAP=`dkctl wd0 listwedges | grep 'swap'| cut -d':' -f1`
newfs_msdos -F 16 /dev/r$EFI
mount -t msdos /dev/$EFI /mnt
mkdir -p /mnt/EFI/boot
cp /usr/mdec/*.efi /mnt/EFI/boot
newfs -O 2 $BOOT
mkdir /mnt_boot
mount /dev/$BOOT /mnt_boot
mkdir -p /mnt_boot/etc/cgd/
mkdir /mnt_root/altroot
touch /mnt_boot/etc/entropy-file
cgdconfig -g -V disklabel -o /mnt_boot/etc/cgd/wd0a.conf aes-cbc 256
cgdconfig -V re-enter cgd0 /dev/$CGD /mnt_boot/etc/cgd/wd0a.conf
echo 'cgd wd0a' > /mnt_boot/etc/cgd/cgd.conf
# since I'm unsure where cgd.conf should reside, I'm copying it to the root
cp /mnt_boot/etc/cgd.conf /mnt_boot #unsure where cgd.conf should reside
newfs /dev/rcgd0a
cp /amd64/installation/miniroot/cgdroot.kmod /mnt_boot
cp /usr/mdec/boot /mnt_boot
swapon /dev/$SWAP
mount /dev/cdg0a /mnt2
for D in var usr home; do mkdir /mnt2/$D; done
cd /mnt2
for set in kern-GENERIC base comp etc games man misc modules tests text xbase xcomp xetc xfont xserver; do
tar -xzpf /amd64/binary/sets/$set.tar.xz
done
cd /mnt_boot
for set in kern-GENERIC; do
tar -xzpf /amd64/binary/sets/$set.tar.xz
done
cat > /mnt_boot/boot.cfg << EOF
menu=Boot normally:rndseed /etc/entropy-file;load /cgdroot.kmod;boot /netbsd
EOF
installboot -vf /dev/r$BOOT /mnt2/usr/mdec/bootxx_ffsv2
cd /mnt2/dev
sh MAKEDEV all
cd /mnt2
mkdir kern
mkdir proc
mount_kernfs kernfs /mnt2/kern
mount_procfs procfs /mnt2/proc
mount_tmpfs tmpfs /mnt2/var/shm
mount_ptyfs ptyfs /mnt2/dev/pts
chroot /mnt2 su -
cat > /etc/fstab << EOF
/dev/cgd0a / ffs rw 1 1
/dev/wd0b none swap sw,dp 0 0
kernfs /kern kernfs rw
ptyfs /dev/pts ptyfs rw
procfs /proc procfs rw
tmpfs /var/shm tmpfs rw,-m1777,-sram%25
EOF
echo "export LANG=\"en_US.UTF-8\"" >> /etc/profile
echo "export LC_CTYPE=\"en_US.UTF-8\"" >> /etc/profile
echo "export LC_ALL=\"\"" >> /etc/profile
echo 'cgd=YES' > /etc/rc.conf
exit
reboot
---
/ts
On Sun, May 19, 2019, at 1:51 PM, Alexander Nasonov wrote:
> Tiago Seco wrote:
> > Hello,
> >
> > I've been trying to install NetBSD on a UEFI system with encrypted root.
> > ...
> > When booting the system, it is not trying to boot from hd0c, but from hd0a.
>
> If you intend to use cgdroot.kmod, the system should create a md(4)
> disk and boot from it rather than hd0. When loaded, cgdroot.kmod
> should take care of it.
>
> > As far as I can tell, this is the first indication that I did something wrong,
> > since I specified in /EFI/boot/boot.cfg that it should load netbsd from hd0c.
> >
> > I can specify:
> > > load hd0c:/EFI/boot/cgdroot.kmod
> > > boot hd0c:/EFI/boot/netbsd
>
> Are you on amd64 or aarch64? IIRC, load command doesn't work on
> aarch64 in efi boot.
>
> > The system does try to boot, but fails trying to exec /sbin/init.
>
> The system should load an image which contains /sbin/init and other
> tools required to decrypt a real root.
>
> > gpt destroy wd0
> > gpt create wd0
> > gpt add -a 2m -l "netbsd-cgd" -t ffs -s 236g wd0
> > gpt add -a 2m -l "swap" -t swap -s 2g wd0
> > gpt add -a 2m -l "EFI system" -t efi wd0
> >
> > EFI=`dkctl wd0 listwedges | grep msdos| cut -d':' -f1`
> > CGD=`dkctl wd0 listwedges | grep 'netbsd-cgd'| cut -d':' -f1`
> > SWAP=`dkctl wd0 listwedges | grep 'swap'| cut -d':' -f1`
> >
> > newfs_msdos -F 16 /dev/r$EFI
> > mount -t msdos /dev/$EFI /mnt
> > mkdir -p /mnt/EFI/boot
> > cp /usr/mdec/*.efi /mnt/EFI/boot
> >
> > cgdconfig -g -V disklabel -o /mnt/EFI/boot/cgd.cfg aes-cbc 256
> > cgdconfig -V re-enter cgd0 /dev/$CGD /mnt/EFI/boot/cgd.cfg
>
> cgdroot.kmod looks for a gpt label "cgd.conf" and it expects
> to find a file "cgd.conf" in its root.
>
> In your case, you can rename "EFI system" to "cgd.conf" and copy
> cgd.conf to /mnt.
>
> --
> Alex
>
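
An added example, not part of the thread: a pre-reboot check for the two things the quoted reply says cgdroot.kmod needs, a wedge labelled "cgd.conf" and a file "cgd.conf" in that partition's root. The function names, the `dkctl listwedges` line format shown in the comment, and the "cgd target [paramsfile]" entry shape (taken from cgdconfig(8)) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Print the dkN name of the wedge whose label is exactly $1 (an exact string
# match, so "." in a label is not treated as a regex wildcard).
# Reads `dkctl <disk> listwedges` output on stdin. Assumed line format
# (constructed sample):
#   dk2: cgd.conf, 4194304 blocks at 494931968, type: ffs
wedge_by_label() {
    awk -v want="$1" '
        /^dk[0-9]+: / {
            dk = $1; sub(/:$/, "", dk)
            label = $0
            sub(/^dk[0-9]+: /, "", label)             # drop "dkN: "
            sub(/, [0-9]+ blocks at .*$/, "", label)  # drop size/offset/type
            if (label == want) print dk
        }'
}

# Return 0 if directory $1 (the mounted "cgd.conf" partition) has a cgd.conf
# in its root whose entries have two or three tokens; otherwise print each
# problem and return 1. A copy left under etc/cgd/ does not count.
check_cgd_conf() {
    conf="$1/cgd.conf"
    [ -f "$conf" ] || { echo "no cgd.conf in partition root: $1"; return 1; }
    rc=0
    entries=0
    while read -r cgd target params extra || [ -n "$cgd" ]; do
        case "$cgd" in ''|'#'*) continue ;; esac   # skip blank/comment lines
        entries=$((entries + 1))
        if [ -z "$target" ] || [ -n "$extra" ]; then
            echo "malformed entry: $cgd $target $params $extra"
            rc=1
        fi
    done < "$conf"
    [ "$entries" -gt 0 ] || { echo "cgd.conf has no entries"; rc=1; }
    return $rc
}
```

With the layout from the message above, the checks would be `dkctl wd0 listwedges | wedge_by_label cgd.conf` and `check_cgd_conf /mnt_boot`, run before unmounting and rebooting.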