Date: Sat, 23 Sep 2006 12:38:34 +1000
From: Gary Newcombe <gary@pattersonsoftware.com>
To: freebsd-questions@freebsd.org
Cc: phatfish@gmail.com
Subject: Creating a bootable CD with CD Loader
Message-ID: <20060923123834.c72119da.gary@pattersonsoftware.com>

On Fri, 22 Sep 2006 17:45:36 +0100
"Chris" <phatfish@gmail.com> wrote:

> Hi, I'm looking to create my own custom boot CD that will be used to
> bootstrap fully encrypted system using GEOM ELI. All the CD needs to do is
> load a kernel to initialize the encrypted root partition on the HDD, and
> read a key file to decrypt it.

Hi Chris,

I recently did this for two laptops, one booting from USB and the other from CD, with both of them getting the key from a USB drive. If your key is on the CD, then it's no problem. A bit harder if you have to boot from CD and then mount a USB drive to read the key.

> I ripped the CD Loader image out of one of the FreeBSD 6.1 CDs, and it
> seems to work as wanted. It loads the kernel from the system I'm running at
> the moment, I just put my current /boot directory on the CD (although it
> doesn't fully boot, I guess it just needs some config changes).

How do you mean it doesn't boot fully?

Creating a bootable CD is in the handbook.

# mkisofs -R -no-emul-boot -b boot/cdboot -o /tmp/bootable.iso /tmp/cdfiles

Your /tmp/cdfiles should contain a boot folder matching that on the encrypted system. You'll only need the kernel and modules that you load though, and gzipping them will speed up the slow boot.

You'll also need to modify your loader.conf:

geom_eli_load="YES"
kern.geom.eli.debug=0
kern.geom.eli.visible_passphrase=0
geli_ad0_keyfile0_load="YES"
geli_ad0_keyfile0_type="ad0:geli_keyfile0"
geli_ad0_keyfile0_name="/ad0.key"

You'll also need an /etc/fstab in /tmp/cdfiles with the root partition, e.g.:

/dev/ad0.elia / ufs rw 1 1

The other thing I recall is that kbdmux bug in 6.1. Shows up on some but not all from what I can remember. If you are using a password as well as a key, and the keyboard seems to have frozen when you try to enter the password, try this in device.hints:

hint.kbdmux.0.disabled="1"

Cheers
Gary
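
Added example, not part of Gary's message and not FreeBSD code: a preflight check that the staging tree (/tmp/cdfiles above) has boot/cdboot, that every keyfile entry in loader.conf names a key file actually present on the CD, and that the fstab root is the decrypted .eli provider. The function names are hypothetical, and the expected `_type` value is assumed to follow the `<dev>:geli_keyfile<N>` pattern of the loader.conf lines in the message.

```shell
#!/bin/sh
# Added example: preflight check of a CD staging tree before mkisofs is run.

# Print the value of a loader.conf variable with its quotes stripped.
loader_value() {  # $1 = loader.conf path, $2 = variable name
    sed -n "s/^$2=//p" "$1" | tr -d '"' | tail -n 1
}

# Print each problem found under $1 and return how many there were.
check_cd_tree() {
    root=$1
    conf=$root/boot/loader.conf
    problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # "mkisofs -b boot/cdboot" needs the boot image inside the tree.
    [ -f "$root/boot/cdboot" ] || fail "boot/cdboot missing"
    [ -f "$conf" ] || { fail "boot/loader.conf missing"; return "$problems"; }
    [ "$(loader_value "$conf" geom_eli_load)" = "YES" ] ||
        fail "geom_eli_load is not YES"

    # Each geli_<dev>_keyfile<N> entry needs load, type and name lines, and
    # the named key file has to be present on the CD.
    entries=$(sed -n 's/^\(geli_[A-Za-z0-9]*_keyfile[0-9]*\)_name=.*/\1/p' "$conf")
    [ -n "$entries" ] || fail "no geli keyfile entry in loader.conf"
    for e in $entries; do
        dev=${e#geli_}; dev=${dev%_keyfile*}   # e.g. ad0
        kf=${e##*_}                            # e.g. keyfile0
        path=$(loader_value "$conf" "${e}_name")
        [ -f "$root$path" ] || fail "$e: key file $path is not in the tree"
        [ "$(loader_value "$conf" "${e}_load")" = "YES" ] ||
            fail "$e: ${e}_load is not YES"
        # Assumption: type follows the pattern shown in the message.
        [ "$(loader_value "$conf" "${e}_type")" = "$dev:geli_$kf" ] ||
            fail "$e: ${e}_type should be $dev:geli_$kf"
    done

    # The root entry in etc/fstab must be the decrypted .eli provider.
    rootdev=$(awk '$1 !~ /^#/ && $2 == "/" { print $1 }' \
        "$root/etc/fstab" 2>/dev/null) || rootdev=
    case $rootdev in
        /dev/*.eli*) ;;
        *) fail "etc/fstab root '${rootdev:-none}' is not a .eli provider" ;;
    esac
    return "$problems"
}

if [ "$#" -gt 0 ]; then check_cd_tree "$1"; fi
```

Run it as `sh check.sh /tmp/cdfiles` before building the ISO; a non-zero exit status is the number of problems printed.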