Date:      Sat, 15 Feb 2020 15:12:09 -0800
From:      David Christensen <dpchrist@holgerdanske.com>
To:        freebsd-questions@freebsd.org
Subject:   Booting FreeBSD with MBR, GELI, ZFS, and changing provider names
Message-ID:  <65eb848c-5c53-4f41-30ef-496c19ad4651@holgerdanske.com>

On 2020-02-13 20:08, David Christensen wrote:
> I put my operating system installations on single, small 2.5" SATA
> SSD's and I put 2.5" SATA trayless disk bays in my computers.  This
> both facilitates imaging and allows me to mix and match as required.
> 
> 
> For FreeBSD, I use ZFS throughout.
> 
> 
> Not all of my computers support booting from GPT, so I use MBR for 
> system drives.
> 
> 
> The default FreeBSD installer wants to use the entire disk, so I
> hacked the memstick installer and/or choose the following in the
> installer:
> 
> - 1 MiB alignment for everything
> 
> - 14 GiB slice
> 
> - 2 GiB boot partition, copies=2
> 
> - 2 GiB swap partition, mirrored
> 
> - 10 GiB root partition, copies=2
> 
> 
> The most obvious downside is that MBR does not support labels.  So,
> the FreeBSD boot system uses device node names.  This means I have to
> ensure that the system drive is always ada0 -- during install,
> whenever I move the drive to another machine, and whenever I add or
> remove drives or controllers.  If the drive comes up as the wrong
> device node, I move SATA cables around.

Here is the example system:

2020-02-15 13:25:07 toor@beastie ~
# freebsd-version ; uname -a
12.1-RELEASE
FreeBSD beastie.tracy.holgerdanske.com 12.1-RELEASE FreeBSD 12.1-RELEASE r354233 GENERIC  amd64


Here is the system disk:

2020-02-15 13:18:27 toor@beastie ~
# gpart show -p ada0 ada0s1
=>       63  117231345    ada0  MBR  (56G)
          63       1985          - free -  (993K)
        2048   29360128  ada0s1  freebsd  [active]  (14G)
    29362176   87869232          - free -  (42G)

=>       0  29360128   ada0s1  BSD  (14G)
          0   4194304  ada0s1a  freebsd-zfs  (2.0G)
    4194304   4194304  ada0s1b  freebsd-swap  (2.0G)
    8388608  20971520  ada0s1d  freebsd-zfs  (10G)

2020-02-15 14:02:28 toor@beastie ~
# geli status | egrep 'Name|swap|ada0'
            Name  Status  Components
     ada0s1d.eli  ACTIVE  ada0s1d
mirror/swap.eli  ACTIVE  mirror/swap

2020-02-15 14:03:11 toor@beastie ~
# zpool list | egrep 'NAME|boot|root'
NAME            SIZE  ALLOC   FREE  CKPOINT  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
beastie_zroot  9.50G  1.05G  8.45G        -         -     2%    11%  1.04x  ONLINE  -
bootpool       1.88G   158M  1.72G        -         -     0%     8%  1.00x  ONLINE  -

2020-02-15 14:03:40 toor@beastie ~
# zfs list | egrep 'NAME|boot|root '
NAME                         USED  AVAIL  REFER  MOUNTPOINT
beastie_zroot               1.10G  8.15G    88K  /beastie_zroot
bootpool                     157M  1.60G   156M  /bootpool


Note that there are no labels on the partitions:

2020-02-15 13:19:10 toor@beastie ~
# gpart show -p -l ada0 ada0s1
=>       63  117231345    ada0  MBR  (56G)
          63       1985          - free -  (993K)
        2048   29360128  ada0s1  (null)  [active]  (14G)
    29362176   87869232          - free -  (42G)

=>       0  29360128   ada0s1  BSD  (14G)
          0   4194304  ada0s1a  (null)  (2.0G)
    4194304   4194304  ada0s1b  (null)  (2.0G)
    8388608  20971520  ada0s1d  (null)  (10G)


Here is /boot/loader.conf:

2020-02-15 14:11:12 toor@beastie ~
# cat /boot/loader.conf
aesni_load="YES"
geli_ada0s1d_keyfile0_load="YES"
geli_ada0s1d_keyfile0_name="/boot/encryption.key"
geli_ada0s1d_keyfile0_type="ada0s1d:geli_keyfile0"
geom_eli_load="YES"
geom_eli_passphrase_prompt="YES"
geom_mirror_load="YES"
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
opensolaris_load="YES"
vfs.root.mountfrom="zfs:beastie_zroot/ROOT/default"
zfs_load="YES"
zpool_cache_load="YES"
zpool_cache_name="/boot/zfs/zpool.cache"
zpool_cache_type="/boot/zfs/zpool.cache"


If the provider names change, the FreeBSD boot process will fail when it 
reaches the point of decrypting the root partition -- it prompts for the 
passphrase, I enter the correct passphrase, the correct passphrase is 
rejected, the process repeats two more times, and then I am locked out.


I am trying to figure out how to get the above FreeBSD system disk to 
boot correctly when the provider names change.  This includes moving the 
system image between HDD's, SSD's, and USB flash drives with dd(1) (e.g. 
provider names ada* and da*).


I am curious about the following tunables in /boot/loader.conf:

     kern.geom.label.disk_ident.enable="0"
     kern.geom.label.gptid.enable="0"

loader.conf(5) mentions:

     kern.geom.label.*.enable

Where are these two tunables documented, and does the following tunable 
exist?

     kern.geom.label.eli.enable


Also, my ZFS data disks use GPT, have GPT labels, and they work. 
Looking at the /boot/loader.conf settings, above, I would expect that 
GPT labels should not work (?).


(The solution on Debian GNU/Linux is to use /dev/disk/by-partuuid/* for 
swap and UUID=* for root in /etc/crypttab.)


On 2020-02-14 22:50, Dewayne Geraghty wrote:
> when using "glabel status" I can see both the glabel assigned label
> and the tunefs file system label on an MBR usb drive
> 
> label/ss1     N/A  da0s2d
> ufs/ss1       N/A  da0s2d
> label/keys    N/A  da0s2e
> ufs/keys      N/A  da0s2e


On 2020-02-15 06:30, RW via freebsd-questions wrote:
> You can use glabel to label the drive, or label the individual
> partitions.


On 2020-02-15 11:14, Polytropon wrote:
> Actually, there are several possible methods for labeling:
> 
> 1. glabel (GEOM label) example: /dev/label/usr
> 
> 2. tunefs label (UFS permanent label) example: /dev/ufs/usr
> 
> 3. UFS-ID example: /dev/ufsid/486b6fc16926168e
> 
> Sources:
> 
> https://www.freebsd.org/doc/handbook/geom-glabel.html
> 
> http://www.wonkity.com/~wblock/docs/html/labels.html

The first URL provided by Polytropon and 'man glabel' both indicate that 
glabel(8) labels are written to the last sector of a provider.  Neither 
states what happens when the provider contains GELI.  I am hesitant to 
try it and break my system.


'man tunefs' indicates that tunefs(8) is for UFS.


David
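
Added example, not part of the original message: the geli keyfile lines in the /boot/loader.conf shown above carry the provider name ada0s1d in both the variable names and the `_type` value, so this sh helper lists those bindings and emits a copy retargeted to another provider name. The function names and the target name da0s1d are assumptions for illustration; the message does not establish that retargeting these lines is sufficient to boot.

```sh
#!/bin/sh
# Added example: list and retarget provider-bound GELI keyfile entries.

# Constructed sample: selected lines of the loader.conf shown in the message.
sample_loader_conf() {
cat <<'EOF'
aesni_load="YES"
geli_ada0s1d_keyfile0_load="YES"
geli_ada0s1d_keyfile0_name="/boot/encryption.key"
geli_ada0s1d_keyfile0_type="ada0s1d:geli_keyfile0"
geom_eli_load="YES"
vfs.root.mountfrom="zfs:beastie_zroot/ROOT/default"
EOF
}

# stdin: loader.conf text. stdout: each provider name found in a
# geli_<provider>_keyfileN_type="<provider>:geli_keyfileN" value.
geli_bound_providers() {
    sed -n 's/^geli_[A-Za-z0-9_]*_keyfile[0-9]*_type="\([^:"]*\):geli_keyfile[0-9]*"$/\1/p' |
        sort -u
}

# stdin: loader.conf text. stdout: the same text with the geli keyfile
# entries for provider $1 renamed to provider $2. Other lines pass through
# unchanged (vfs.root.mountfrom names a pool, not a device node).
retarget_geli_provider() {
    old=$1
    new=$2
    # Accept only plain device-node names such as ada0s1d or da0s1d, so the
    # names can be used safely inside the sed expressions below.
    case "$old" in ''|*[!A-Za-z0-9]*) echo "bad provider: $old" >&2; return 1 ;; esac
    case "$new" in ''|*[!A-Za-z0-9]*) echo "bad provider: $new" >&2; return 1 ;; esac
    sed -e "s/^geli_${old}_keyfile/geli_${new}_keyfile/" \
        -e "/^geli_${new}_keyfile[0-9]*_type=/s/\"${old}:/\"${new}:/"
}

# Stand-alone run: show the current binding, then the retargeted config.
# da0s1d is a hypothetical new name (the disk seen through a USB adapter).
echo "bound to: $(sample_loader_conf | geli_bound_providers)"
sample_loader_conf | retarget_geli_provider ada0s1d da0s1d
```

Running `geli_bound_providers < /boot/loader.conf` and comparing the result with the Components column of `geli status` shows whether the configured name still matches the attached provider.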


