From owner-freebsd-stable@freebsd.org Sun Feb 10 18:06:58 2019 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7248714D4B8D for ; Sun, 10 Feb 2019 18:06:58 +0000 (UTC) (envelope-from ian@freebsd.org) Received: from outbound1.eu.mailhop.org (outbound1.eu.mailhop.org [52.28.251.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E2FD989A00 for ; Sun, 10 Feb 2019 18:06:57 +0000 (UTC) (envelope-from ian@freebsd.org) ARC-Seal: i=1; a=rsa-sha256; t=1549821047; cv=none; d=outbound.mailhop.org; s=arc-outbound20181012; b=Br67rJ7gWV5oM4/YOlhPpSTyQcnGvNquldyegeg+FdZZMbapisTZYLAy6sJnwdLxQKtsmMnmMhZCP GTuHzdorNSISxQ5+3HdHapqLEfyeie2ZzmlRBr+Da1LeytYPnj4XfCqlNpS5dj8QS8XXQVQgAFliDN +QR1qUcCEKVPKBxV7do+DfeYaly52l1kWDC0LoRIAO4IRRWhEMaAMl89rbQ3Dtuhqh/9o94PQghcAl Xgj1JXf2R6M5CL39nbVcsguscWpuvbUcJFP+48QkWhUN9IGxuHRffg9HsM5Vxa4xhU+VQy//4vskeX Coh5XAteMOORqSTHv9OT1nvtqqPGPsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=arc-outbound20181012; h=content-transfer-encoding:mime-version:content-type:references:in-reply-to: date:cc:to:from:subject:message-id:dkim-signature:from; bh=fDxaKb5lAM+lX+rESb2Ntilx7EdA6xUXxW0kCb0y0h4=; b=oPGtrTbYW4iDv3TXFSibr1j0Z2wmjsv/OF/VhbPmLLxfEMSEB0GDnYS11mk0tbEby7yFOI06WeF8l IXUjQROnr1i6bOsD8w+lDhBOZTrdpgs3faD+x+Bbx7s1oQ9LvMX8DWy1kQH1GZRX/4VXg3wr4YA2xZ uheC+Rui40Sp2c4VtKGcih4u1F70mrf1s/tVbeqJ6FfbMfup0I28j9kgYDhUIZ8/RazynJLVB6jXML X/8mdX/MntF3fTinp2A4PXgMRA6rNEvXnmbeOK/C5EvUGrMe0DCEhyLPrKlu9SxWa2l3aC+6+DoDKx CGocwqa1q1dzlrxAodYLG3PDQ0LwYHg== ARC-Authentication-Results: i=1; outbound3.eu.mailhop.org; spf=softfail smtp.mailfrom=freebsd.org smtp.remote-ip=67.177.211.60; dmarc=none header.from=freebsd.org; arc=none header.oldest-pass=0; DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=dkim-high; h=content-transfer-encoding:mime-version:content-type:references:in-reply-to: date:cc:to:from:subject:message-id:from; bh=fDxaKb5lAM+lX+rESb2Ntilx7EdA6xUXxW0kCb0y0h4=; b=qDHe0Z4WckpleVWdgxx7/HPB9WUwOemQVRKkeHCbXmINSqG9HyZFTMca1QkjYZfdiTlvcbvF/4eFk 29JukOonr+s48r9yYjYejHqbrFBjjsiep1UtTRd+bqn9sAjfhGcwXzFt9vpOtHXsp9vjR6JMPgRy66 vhH5dBMC/CcbCtc8blA6ogGMS8NY5OmHrI88P8Lj2BSwHz4vGUyGakQ49ZUlADowIeFFbJDI4E3dd8 4nyuCjnvNaU+7FsDCYg/2hVZvT6L5pRodMj4++/nsfRt1J2iCsUjDH9CfnmqbS1yg3uF+dylDmbvlP dlwz0LJ6PENvemI28sNgihWyhgTunNQ== X-MHO-RoutePath: aGlwcGll X-MHO-User: 62864090-2d5c-11e9-908b-352056dbf2de X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information X-Originating-IP: 67.177.211.60 X-Mail-Handler: DuoCircle Outbound SMTP Received: from ilsoft.org (unknown [67.177.211.60]) by outbound3.eu.mailhop.org (Halon) with ESMTPSA id 62864090-2d5c-11e9-908b-352056dbf2de; Sun, 10 Feb 2019 17:50:44 +0000 (UTC) Received: from rev (rev [172.22.42.240]) by ilsoft.org (8.15.2/8.15.2) with ESMTP id x1AHog78052648; Sun, 10 Feb 2019 10:50:42 -0700 (MST) (envelope-from ian@freebsd.org) Message-ID: <16c56c89ff8a3d89164d9152f6c38687dcba99b5.camel@freebsd.org> Subject: Re: Fwd: Serious ZFS Bootcode Problem (GPT NON-UEFI) From: Ian Lepore To: Karl Denninger , freebsd-stable@freebsd.org Cc: Allan Jude Date: Sun, 10 Feb 2019 10:50:42 -0700 In-Reply-To: References: <911d001f-9e33-0521-51fe-f7d1383dfc62@denninger.net> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.5 FreeBSD GNOME Team Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: E2FD989A00 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.95 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.96)[-0.955,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; ASN(0.00)[asn:16509, ipnet:52.28.0.0/16, country:US] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Feb 2019 18:06:58 -0000 On Sun, 2019-02-10 at 11:37 -0600, Karl Denninger wrote: > On 2/10/2019 09:28, Allan Jude wrote: > > Are you sure it is non-UEFI? As the instructions you followed, > > overwriting da0p1 with gptzfsboot, will make quite a mess if that > > happens to be the EFI system partition, rather than the freebsd- > > boot > > partition. > > [...] > > BTW am I correct that gptzfsboot did *not* get the ability to read > geli-encrypted pools in 12.0? The UEFI loader does know how (which I'm > using on my laptop) but I was under the impression that for non-UEFI > systems you still needed the unencrypted boot partition from which to > load the kernel. > Nope, that's not correct. GELI support was added to the boot and loader programs for both ufs and zfs in freebsd 12. You must set the geli '-g' option to be prompted for the passphrase while booting (this is separate from the '-b' flag that enables mounting the encrypted partition as the rootfs). You can use "geli configure -g" to turn on the flag on any existing geli partition. -- Ian