Date: Thu, 25 Oct 2007 12:05:20 -0400 From: Steve Bertrand <iaccounts@ibctech.ca> To: freebsd-questions@FreeBSD.ORG Subject: Re: Booting a GELI encrypted hard disk Message-ID: <4720BEC0.80406@ibctech.ca> In-Reply-To: <200710251559.l9PFxCqa067331@lurza.secnetix.de> References: <200710251559.l9PFxCqa067331@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help
> > The boot directory is different that root file system. /boot/ directory > > is only accessed by loader before root file system is mounted. > > Ah, right. I forgot that the /boot directory is only > accessed by the boot blocks and loader(8) during boot, > but not by the kernel, so it isn't actually mounted. > Once the kernel mounts its root file system, it will > be the "real" one from the encrypted disk. I don't know if this is absolutely true. I haven't tried it yet, but I don't think that /boot on the encrypted disk is necessary. I will rename the directory and reboot and see if it barfs. On the same track, upgrading this system has been easy so far. I do a build/install kernel into /boot on the encrypted disk, then simply copy the /boot/kernel directory over to the thumb drives /boot directory. However, making a mistake such as building and installing the wrong kernel config without crypto and GEOM_ELI leads to all sorts of problems. Relatively easy to recover from, but a waste of time to track down (I posted about this to -stable this AM). Steve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4720BEC0.80406>