Date: Sun, 10 Feb 2019 10:50:42 -0700 From: Ian Lepore <ian@freebsd.org> To: Karl Denninger <karl@denninger.net>, freebsd-stable@freebsd.org Cc: Allan Jude <allanjude@freebsd.org> Subject: Re: Fwd: Serious ZFS Bootcode Problem (GPT NON-UEFI) Message-ID: <16c56c89ff8a3d89164d9152f6c38687dcba99b5.camel@freebsd.org> In-Reply-To: <a107a4f5-2851-191a-5f8c-a4cd44c98458@denninger.net> References: <911d001f-9e33-0521-51fe-f7d1383dfc62@denninger.net> <CANCZdfp0QaXodmYBp9Eox9Ca5kyQibCXw5rRTwsO-mCjApYswA@mail.gmail.com> <b11ec38c-1c6a-6e92-810c-4d2fe3e8df3d@freebsd.org> <a107a4f5-2851-191a-5f8c-a4cd44c98458@denninger.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 2019-02-10 at 11:37 -0600, Karl Denninger wrote: > On 2/10/2019 09:28, Allan Jude wrote: > > Are you sure it is non-UEFI? As the instructions you followed, > > overwriting da0p1 with gptzfsboot, will make quite a mess if that > > happens to be the EFI system partition, rather than the freebsd- > > boot > > partition. > > [...] > > BTW am I correct that gptzfsboot did *not* get the ability to read > geli-encrypted pools in 12.0? The UEFI loader does know how (which I'm > using on my laptop) but I was under the impression that for non-UEFI > systems you still needed the unencrypted boot partition from which to > load the kernel. > Nope, that's not correct. GELI support was added to the boot and loader programs for both ufs and zfs in freebsd 12. You must set the geli '-g' option to be prompted for the passphrase while booting (this is separate from the '-b' flag that enables mounting the encrypted partition as the rootfs). You can use "geli configure -g" to turn on the flag on any existing geli partition. -- Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?16c56c89ff8a3d89164d9152f6c38687dcba99b5.camel>