Date:      Sat, 26 Jan 2019 15:04:32 -0600
From:      Karl Denninger <karl@denninger.net>
To:        freebsd-stable@freebsd.org
Subject:   Re: Not sure if this is the correct place.... (laptop, dual-boot EFI)
Message-ID:  <59c4f20f-0526-0d0a-4a67-f6ad7b00899d@denninger.net>
In-Reply-To: <a961425a-ea40-1dd3-6342-d1b3f22515ce@denninger.net>
References:  <7391812a-a2ad-874a-80c9-5a871a29f680@denninger.net> <CAJuc1zOaWhfDLKJUFPT7rFORP%2B4m4B5aTU769LK_aDkBOZWMDA@mail.gmail.com> <CACNAnaFLEOucgRFvuukCoznCn7e4RyYSsdo1cRPGUWk9A6ToNg@mail.gmail.com> <CAO7yDHovVLsd2V8Me-fqOcCx=c1%2BC0Ff%2BsrKnmG17GSLtPp1bw@mail.gmail.com> <7a61c927-796d-ea1f-8dce-37e82fb6d646@denninger.net> <CANCZdfrX5TQTY268RqRr%2BGpVbcWGyjh7c=jsZjAzzZ1edsTuMg@mail.gmail.com> <a961425a-ea40-1dd3-6342-d1b3f22515ce@denninger.net>


Never mind!

I set the "-g" flag on the provider and.... voila.  Up she comes; the
loader figured out that it had to prompt for the password and it was
immediately good.

Now THAT'S easy compared with the convoluted BS I had to do (two
partitions, fully "by-hand" install, etc) for 11 on my X220.

Off to the races I go; now I have to figure out what I have to set in
Windows group policy so Bitlocker doesn't throw up every time I boot
FreeBSD (this took a bit with my X220 since the boot manager tickled
something that Bitlocker interpreted as "someone tampered with the
system.")  Maybe this will be a nothingburger too (which would be great
if true.)

I'm going to write this one up when I've got it all solid and post it on
my blog; hopefully it will help others.

On 1/26/2019 14:26, Karl Denninger wrote:
> On 1/26/2019 14:10, Warner Losh wrote:
>>
>> On Sat, Jan 26, 2019 at 1:01 PM Karl Denninger <karl@denninger.net
>> <mailto:karl@denninger.net>> wrote:
>>
>>     Further question....  does boot1.efi (which I assume has to be
>>     placed on the EFI partition and then something like rEFInd can
>>     select it) know how to handle a geli-encrypted primary partition
>>     (e.g. for root/boot so I don't need an unencrypted /boot
>>     partition), and if so how do I tell it that's the case and to
>>     prompt for the password?
>>
>>
>> Not really. The whole reason we ditched boot1.efi is because it is
>> quite limited in what it can do. You must use loader.efi for that.
>>  
>>
>>     (If not I know how to set up for geli-encryption using a
>>     non-encrypted /boot partition, but my understanding is that for
>>     12 the loader was taught how to handle geli internally and thus
>>     you can now install 12 -- at least for ZFS -- with encryption on
>>     root.  However, that wipes the disk if you try to select it in
>>     the installer, so that's no good -- and besides, on a laptop zfs
>>     is overkill.)
>>
>>
>> For MBR stuff, yes. For loader.efi, yes. For boot1.efi, no: it did not
>> and will not grow that functionality.
>>
>> Warner
>>  
> Ok, next dumb question -- can I put loader.efi in the EFI partition
> under EFI/FreeBSD as "bootx64.efi" there (from reading mailing list
> archives that appears to be yes -- just copy it in) and, if yes, how do
> I "tell" it that when it finds the freebsd-ufs partition on the disk it
> was started from (which, if I'm reading correctly, it will scan and look
> for) that it needs to geli attach the partition before it digs into there
> and find the rest of what it needs to boot?
>
> That SHOULD allow me to use an EFI boot manager to come up on initial
> boot, select FreeBSD and the loader.efi (named as bootx64.efi in
> EFI/FreeBSD) code will then boot the system.
>
> I've looked at the 12-RELEASE man page(s) and it's not obvious how you
> tell the loader to look for the partition and then attach it via GELI
> (prompting for the password of course) before attempting to boot it;
> obviously a "load" directive (e.g. geom_eli_load="YES") makes no sense
> as the thing you'd "load" is on the disk you'd be loading it from and
> it's encrypted... never mind that loader.conf violates the 8.3 filename
> rules for a DOS filesystem.
>
> Thanks!
>
-- 
Karl Denninger
karl@denninger.net <mailto:karl@denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/

