From: Steve Bertrand
Date: Thu, 25 Oct 2007 12:05:20 -0400
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Booting a GELI encrypted hard disk
Message-ID: <4720BEC0.80406@ibctech.ca>
In-Reply-To: <200710251559.l9PFxCqa067331@lurza.secnetix.de>

> > The boot directory is different than the root file system. The /boot/ directory
> > is only accessed by the loader before the root file system is mounted.
>
> Ah, right.
> I forgot that the /boot directory is only
> accessed by the boot blocks and loader(8) during boot,
> but not by the kernel, so it isn't actually mounted.
> Once the kernel mounts its root file system, it will
> be the "real" one from the encrypted disk.

I don't know if this is absolutely true. I haven't tried it yet, but I
don't think that /boot on the encrypted disk is necessary. I will rename
the directory and reboot and see if it barfs.

On the same track, upgrading this system has been easy so far. I do a
build/install kernel into /boot on the encrypted disk, then simply copy
the /boot/kernel directory over to the thumb drive's /boot directory.

However, making a mistake such as building and installing the wrong
kernel config without crypto and GEOM_ELI leads to all sorts of
problems. Relatively easy to recover from, but a waste of time to track
down (I posted about this to -stable this AM).

Steve
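The upgrade procedure described in the message above (build and install the kernel into /boot on the encrypted root, then copy /boot/kernel onto the unencrypted boot media), written out as an added example that is not part of the original message or of FreeBSD itself. The script refuses to copy unless the kernel config it is pointed at names both GEOM_ELI and crypto, which is exactly the mistake the message says costs time to track down, and it keeps the previous kernel on the boot media as kernel.old so the loader can fall back to it. The config file path /usr/src/sys/amd64/conf/GELI, the config name GELI, and the mount point /mnt/usb/boot are assumptions for illustration only.

```shell
#!/bin/sh
# Added example, not code from the original thread or from FreeBSD.
# Copies a freshly installed kernel from the GELI-encrypted root's /boot
# to the unencrypted boot media after a sanity check on the kernel config.
set -eu

# Return 0 only if the named kernel config contains both
#   options GEOM_ELI
#   device  crypto
# i.e. the two lines whose absence the thread says breaks booting from GELI.
# Note: only this file is inspected; an "include GENERIC" line is not followed.
kernconf_has_geli() {
    conf="$1"
    [ -r "$conf" ] || return 1
    grep -Eq '^[[:space:]]*options[[:space:]]+GEOM_ELI' "$conf" || return 1
    grep -Eq '^[[:space:]]*device[[:space:]]+crypto' "$conf" || return 1
    return 0
}

# Copy the kernel directory $1 to $2/kernel, keeping whatever was there as
# $2/kernel.old so "boot kernel.old" works at the loader prompt if the new
# kernel turns out to be bad. Returns non-zero if the copy did not verify.
sync_kernel() {
    src="$1"
    dst="$2"
    [ -f "$src/kernel" ] || { echo "no kernel binary in $src" >&2; return 1; }
    [ -d "$dst" ] || { echo "boot directory $dst not found" >&2; return 1; }
    if [ -d "$dst/kernel" ]; then
        rm -rf "$dst/kernel.old"
        mv "$dst/kernel" "$dst/kernel.old"
    fi
    cp -Rp "$src" "$dst/kernel"
    # Verify the copied kernel binary matches the source byte for byte.
    cmp -s "$src/kernel" "$dst/kernel/kernel"
}

# main KERNCONF_FILE SRC_KERNEL_DIR BOOT_MEDIA_BOOT_DIR
# Example (all three paths are assumptions, adjust for your system):
#   ./sync-kernel.sh /usr/src/sys/amd64/conf/GELI /boot/kernel /mnt/usb/boot
main() {
    conf="$1"
    src="$2"
    dst="$3"
    if ! kernconf_has_geli "$conf"; then
        echo "refusing to copy: $conf lacks 'options GEOM_ELI' or 'device crypto'" >&2
        return 1
    fi
    sync_kernel "$src" "$dst"
    echo "kernel from $src installed on $dst (previous kept as kernel.old)"
}

# Only run when invoked with the three arguments, so the functions can be
# sourced and exercised on their own.
if [ $# -ge 3 ]; then
    main "$1" "$2" "$3"
fi
```

The config check guards against the failure mode named in the message, but it is only a check on the config file: if the kernel config pulls GENERIC in with an `include` line, or if geom_eli support is meant to come from loading geom_eli.ko via loader.conf rather than being compiled in, adapt the check accordingly. Keeping kernel.old on the boot media is what makes the mistake "relatively easy to recover from" without pulling the thumb drive.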