From: Colin Percival
To: Connor Sheridan, "freebsd-cloud@freebsd.org"
Subject: Re: FreeBSD 12.2-RELEASE x86_64 EC2 AMIs in us-east-2 not booting
Date: Thu, 1 Apr 2021 22:45:51 +0000
List-Id: "FreeBSD on cloud platforms (EC2, GCE, Azure, etc.)"

#2 certainly works. I think #1 would work, but honestly I don't use encrypted
volumes; I've never been able to think up a plausible attack which they would
protect against.

If you try #1, please let me know how it goes, so I can relay that to the next
person to ask.

Colin Percival

On 4/1/21 3:30 PM, Connor Sheridan wrote:
> That's precisely the situation, yes. 32GB EBS volume. So, would either of the following work?
>
> 1. Provisioning an encrypted volume at the snapshot size, then extending the size of the volume.
> 2. Provisioning an unencrypted volume at the desired size.
>
> Obviously #1 would be preferable.
>
> -----Original Message-----
> From: Colin Percival
> Sent: Thursday, April 1, 2021 6:29 PM
> To: Connor Sheridan; freebsd-cloud@freebsd.org
> Subject: Re: FreeBSD 12.2-RELEASE x86_64 EC2 AMIs in us-east-2 not booting
>
> On 4/1/21 2:57 PM, Connor Sheridan wrote:
>> I've attempted to provision x86_64 instances in AWS region us-east-2 from both the Marketplace AMIs and the specific AMI ID provided by the 12.2-RELEASE announcement, and they just get stuck in an endless boot loop. Appears to load the kernel, then reboot instantly. Are there any known gotchas about provisioning this release or anything I can do to get these running?
>
> There seems to be an issue related to encrypted disks -- possibly specifically related to creating an EBS encrypted volume which is larger than the backing snapshot.
>
> Are you using an encrypted disk?
>
> --
> Colin Percival
> Security Officer Emeritus, FreeBSD | The power to serve
> Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
>

--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid