From owner-freebsd-questions@FreeBSD.ORG Fri Mar 7 18:28:55 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CC657C25 for ; Fri, 7 Mar 2014 18:28:55 +0000 (UTC) Received: from mx1.fisglobal.com (mx1.fisglobal.com [199.200.24.190]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 93D43E9A for ; Fri, 7 Mar 2014 18:28:55 +0000 (UTC) Received: from smarthost.fisglobal.com ([10.132.206.192]) by ltcfislmsgpa06.fnfis.com (8.14.5/8.14.5) with ESMTP id s27ISsQ5025517 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Fri, 7 Mar 2014 12:28:54 -0600 Received: from THEMADHATTER (10.242.181.54) by smarthost.fisglobal.com (10.132.206.192) with Microsoft SMTP Server id 14.3.174.1; Fri, 7 Mar 2014 12:28:53 -0600 From: Sender: Devin Teske To: "'David Christensen'" , References: <53197EF6.4070902@holgerdanske.com> <5319913D.4040207@infracaninophile.co.uk> <531A072A.8020809@holgerdanske.com> In-Reply-To: <531A072A.8020809@holgerdanske.com> Subject: RE: FreeBSD 10 RELEASE amd64 how to install on single drive with encrypted ZFS root? Date: Fri, 7 Mar 2014 10:28:48 -0800 Message-ID: <1a9d01cf3a33$15f032c0$41d09840$@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 15.0 Thread-Index: AQF0C2PIOT0DD3gD1tjGF6Qa8NBRSQKo1RoEAaepw/mbacphIA== Content-Language: en-us X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.87, 1.0.14, 0.0.0000 definitions=2014-03-07_06:2014-03-07,2014-03-07,1970-01-01 signatures=0 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Mar 2014 18:28:55 -0000 > -----Original Message----- > From: David Christensen [mailto:dpchrist@holgerdanske.com] > Sent: Friday, March 7, 2014 9:52 AM > To: freebsd-questions@freebsd.org > Subject: Re: FreeBSD 10 RELEASE amd64 how to install on single drive with > encrypted ZFS root? > > On 03/07/2014 01:28 AM, Matthew Seaman wrote: > > The 10.0 installer does ZFS natively, which is why you can't find any > > instructions on how to set up ZFS manually on that platform. > > Thanks for the reply. :-) > > > I tried that, but ended up with a system that would not boot -- my BIOS didn't > think the hard drive was bootable. > [Devin Teske] Try changing GTP to MBR. > > > However, to set up an encrypted root, you'll need to set up the > > encrypted partition with geli and then set up your ZFSes on top of that. > > Which is basically a manual job. > > You can follow the instructions here: > > https://wiki.freebsd.org/RootOnZFS/GPTZFSBoot/9.0-RELEASE > > except that after item (7) -- gnop -- you'll need to insert creating > > your encrypted partitions and then modify the subsequent bits to refer > > to the /dev/gpt/foo.eli devices you create. As far as ZFS goes, the > > sequence is essentially the same for 9.0 as for 10.0 except that > > wherever it says to use lzjb, you should substitute lz4. > > I don't have the knowledge or skills to accomplish the goals you've listed. > > > I'm looking for a console session I can study and type in, or a > walk-through for the installer. > [Devin Teske] What you really want to walk through is /var/log/bsdinstall_log after you've performed a successful install with disk encryption enabled. The installer logs everything that it's doing to /tmp/bsdinstall_log and then copies that to /var/log right before rebooting. -- Devin _____________ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.