From: Christian Baer
To: freebsd-questions@freebsd.org
Subject: Re: FreeBSD 10.1-STABLE: UEFI booting from USB flash drive + FBSD system on HDD
Date: Thu, 25 Dec 2014 17:18:16 +0100

On 25.12.2014 at 15:32, Julien Meister wrote:

> Any idea on how to make this work with UEFI? From what I understood, EFI
> tries to boot on the first ufs partition found. It should be therefore
> da0p2 ... but it isn't.

Not really a way to make it work like you want, but have you (or rather why haven't you) considered putting /boot on the HDD as well? This way you can have everything else encrypted. If you init the geli provider with the -b flag and make sure geli is loaded at boot time with geom_eli_load="YES" in the loader.conf, everything should work fine. /boot does not contain any sensitive information.

The reason I am suggesting this is because I have been nearly driven crazy by UEFI on several machines because the device names seem to change with nearly every boot. Admittedly, this is a problem I ran into with SuSE Linux at work, but the problem seems the same: The devices are "handed" to the kernel in a non-predictable order. Under SuSE this went so far that a computer with 2 HDDs would sometimes not boot, just because the kernel was fed the 2nd HDD as first.

That is the short version of a reason I read in an article about SuSE and UEFI. SuSE by default uses hardware UIDs. That however is absolutely useless if you are (like me at the time) installing the first of several identical workstations in order to create an image off the drive for the other machines.

I still haven't quite gotten on the good side of UEFI yet (see my other post) and I really hope there actually *is* a good side!

Best regards,
Chris