Date: Sat, 26 Jan 2019 14:26:53 -0600
From: Karl Denninger <karl@denninger.net>
To: Warner Losh <imp@bsdimp.com>, FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>
Subject: Re: Not sure if this is the correct place.... (laptop, dual-boot EFI)
Message-ID: <a961425a-ea40-1dd3-6342-d1b3f22515ce@denninger.net>
In-Reply-To: <CANCZdfrX5TQTY268RqRr%2BGpVbcWGyjh7c=jsZjAzzZ1edsTuMg@mail.gmail.com>
References: <7391812a-a2ad-874a-80c9-5a871a29f680@denninger.net> <CAJuc1zOaWhfDLKJUFPT7rFORP%2B4m4B5aTU769LK_aDkBOZWMDA@mail.gmail.com> <CACNAnaFLEOucgRFvuukCoznCn7e4RyYSsdo1cRPGUWk9A6ToNg@mail.gmail.com> <CAO7yDHovVLsd2V8Me-fqOcCx=c1%2BC0Ff%2BsrKnmG17GSLtPp1bw@mail.gmail.com> <7a61c927-796d-ea1f-8dce-37e82fb6d646@denninger.net> <CANCZdfrX5TQTY268RqRr%2BGpVbcWGyjh7c=jsZjAzzZ1edsTuMg@mail.gmail.com>
1/26/2019 14:10, Warner Losh wrote:
>
> On Sat, Jan 26, 2019 at 1:01 PM Karl Denninger <karl@denninger.net> wrote:
>
> > Further question.... does boot1.efi (which I assume has to be placed on
> > the EFI partition and then something like rEFInd can select it) know how
> > to handle a geli-encrypted primary partition (e.g. for root/boot so I
> > don't need an unencrypted /boot partition), and if so how do I tell it
> > that's the case and to prompt for the password?
>
> Not really. The whole reason we ditched boot1.efi is because it is
> quite limited in what it can do. You must use loader.efi for that.
>
> > (If not I know how to set up for geli-encryption using a non-encrypted
> > /boot partition, but my understanding is that for 12 the loader was
> > taught how to handle geli internally and thus you can now install 12 --
> > at least for ZFS -- with encryption on root. However, that wipes the
> > disk if you try to select it in the installer, so that's no good -- and
> > besides, on a laptop zfs is overkill.)
>
> For MBR stuff, yes. For loader.efi, yes. For boot1.efi, no: it did not
> and will not grow that functionality.
>
> Warner
>
Ok, next dumb question -- can I put loader.efi in the EFI partition
under EFI/FreeBSD as "bootx64.efi" there (from reading mailing list
archives that appears to be yes -- just copy it in) and, if yes, how do
I "tell" it that when it finds the freebsd-ufs partition on the disk it
was started from (which, if I'm reading correctly, it will scan and look
for) that it needs to geli attach the partition before it digs into there
and finds the rest of what it needs to boot?

That SHOULD allow me to use an EFI boot manager to come up on initial
boot, select FreeBSD and the loader.efi (named as bootx64.efi in
EFI/FreeBSD) code will then boot the system.

I've looked at the 12-RELEASE man page(s) and it's not obvious how you
tell the loader to look for the partition and then attach it via GELI
(prompting for the password of course) before attempting to boot it;
obviously a "load" directive (e.g. geom_eli_load="YES") makes no sense
as the thing you'd "load" is on the disk you'd be loading it from and
it's encrypted... never mind that loader.conf violates the 8.3 filename
rules for a DOS filesystem.

Thanks!

--
Karl Denninger
karl@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
