Subject: Re: Moving raw system image to another drive breaks GELI
To: freebsd-questions@freebsd.org
From: David Christensen
Message-ID: <8aa98903-99e3-04cb-8d2b-a578c86bfd7a@holgerdanske.com>
Date: Sat, 2 Mar 2019 23:10:32 -0800

On 2/26/19 10:00 AM, David Christensen wrote:
> I have a computer:
>
> 2019-02-26 09:50:14 dpchrist@ragnar ~
> $ freebsd-version ; uname -a
> 11.2-RELEASE-p9
> FreeBSD ragnar 11.2-RELEASE-p9 FreeBSD 11.2-RELEASE-p9 #0: Tue Feb  5
> 15:30:36 UTC 2019
> root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
>
>
> I installed to a SanDisk Ultra Fit USB 3.0 16 GB flash drive:
>
>       Partitioning                      Auto (ZFS)
>         Pool Type/Disks                 stripe,da0
>         Pool Name                       zroot
>         Force 4K Sectors                YES
>         Encrypt Disks                   YES
>         Partition Scheme                MBR (BIOS)
>         Swap Size                       2g
>         Mirror Swap                     NO
>         Encrypt Swap                    YES
>         Install
>
>
> If I do a raw binary copy of the USB flash drive to an Intel 520 Series
> SSD 60 GB with dd(1) and boot the SSD, GELI rejects the passphrase and I
> end up at a "mountroot>" prompt.
>
>
> I would like to be able to move raw FreeBSD system images from drive to
> drive and have them work.

I did another install onto SSD. While comparing the configuration files
between the USB install and the SSD install, I found some interesting
differences in /boot/loader.conf. Here are some lines from the USB install:

geli_da0s1d_keyfile0_load="YES"
geli_da0s1d_keyfile0_name="/boot/encryption.key"
geli_da0s1d_keyfile0_type="da0s1d:geli_keyfile0"

And here are the corresponding lines from the SSD install:

geli_ada0s1d_keyfile0_load="YES"
geli_ada0s1d_keyfile0_name="/boot/encryption.key"
geli_ada0s1d_keyfile0_type="ada0s1d:geli_keyfile0"

So, the device name for the GELI provider containing the root filesystem
is hard-coded into the names of variables set in loader.conf(5).

If I burn the SSD install image to USB, boot a USB FreeBSD installer
into a shell, remount root read-write:

# mount -o rw /dev/ufs/FreeBSD_Install /

Import the bootpool on the USB image:

# zpool import -f -d /dev -R /mnt bootpool

Edit the variables in /mnt/bootpool/boot/loader.conf, move aside
/mnt/bootpool/boot/zfs/zpool.cache, shut down, remove the USB installer,
and boot the USB image, it works!

David

References:

[1] https://www.freebsd.org/doc/handbook/boot-introduction.html
[2] loader(8)
[3] loader.conf(5)
[4] mount(8)
[5] zpool(8)
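
The loader.conf edit described in the message above, as an added example that is not part of the original post: a POSIX sh helper that lists the providers named in the geli_*_keyfile* variables and prints a copy of the file with one provider renamed to another. The function names are hypothetical, the sample file is constructed, and it assumes the provider is a plain device name such as da0s1d or ada0s1d.

```shell
#!/bin/sh
# Added example: retarget GELI keyfile entries in a copy of loader.conf.
# Function names are hypothetical; nothing here touches /boot.

# Accept only plain device names such as da0s1d or ada0s1d (assumption:
# the provider is not addressed through a label containing '/').
valid_provider() {
    case "$1" in
        ""|*[!a-z0-9]*) return 1 ;;
    esac
    return 0
}

# List the providers named by geli_<provider>_keyfileN_load lines in file $1.
geli_keyfile_providers() {
    sed -n 's/^geli_\([a-z0-9]*\)_keyfile[0-9]*_load=.*/\1/p' "$1" | sort -u
}

# Print file $3 with provider $1 renamed to $2, both in the variable names
# and in the "<provider>:geli_keyfileN" value of the _type line.
retarget_geli_keyfiles() {
    valid_provider "$1" && valid_provider "$2" || return 2
    sed -e "s/^geli_${1}_keyfile\([0-9]*\)_type=\"${1}:/geli_${2}_keyfile\1_type=\"${2}:/" \
        -e "s/^geli_${1}_keyfile\([0-9]*\)_/geli_${2}_keyfile\1_/" "$3"
}

# Constructed sample: the three lines quoted in the message plus one
# unrelated setting that must pass through unchanged.
sample=$(mktemp)
cat > "$sample" <<'EOF'
zfs_load="YES"
geli_da0s1d_keyfile0_load="YES"
geli_da0s1d_keyfile0_name="/boot/encryption.key"
geli_da0s1d_keyfile0_type="da0s1d:geli_keyfile0"
EOF
echo "providers before: $(geli_keyfile_providers "$sample")"
retarget_geli_keyfiles da0s1d ada0s1d "$sample" > "$sample.new"
echo "providers after:  $(geli_keyfile_providers "$sample.new")"
diff "$sample" "$sample.new" || true   # shows exactly which lines changed
rm -f "$sample" "$sample.new"
```

Redirect the output to a new file and compare it with the original before replacing loader.conf on the imported bootpool.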