Date: Fri, 2 Apr 2021 04:44:32 +0000 From: Colin Percival <cperciva@tarsnap.com> To: Connor Sheridan <cws@nullsec.sh>, "freebsd-cloud@freebsd.org" <freebsd-cloud@freebsd.org> Subject: Re: FreeBSD 12.2-RELEASE x86_64 EC2 AMIs in us-east-2 not booting Message-ID: <0100017890e5a39d-464806cc-158c-4895-8a0d-bf7444ff4c77-000000@email.amazonses.com> In-Reply-To: <DM6PR13MB405051AB676D30A6AEB68222C67B9@DM6PR13MB4050.namprd13.prod.outlook.com> References: <DM6PR13MB4050226C1B564BCC7177DD79C67B9@DM6PR13MB4050.namprd13.prod.outlook.com> <010001788f8da8e9-9e6bf04e-7211-4205-b4ed-a2d43698355d-000000@email.amazonses.com> <DM6PR13MB40506A3CC511BD78BC27D9E6C67B9@DM6PR13MB4050.namprd13.prod.outlook.com> <010001788f9d41c0-5e3bc13e-ed66-45d4-a0fc-be189a9fac59-000000@email.amazonses.com> <DM6PR13MB405051AB676D30A6AEB68222C67B9@DM6PR13MB4050.namprd13.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Oh, I should have clarified -- the default size is 10 GB but the snapshot itself is 4 GB; you can create a volume any size from 4 GB upwards. (That size varies from release to release, btw.) Colin Percival On 4/1/21 4:17 PM, Connor Sheridan wrote: > Even trying to provision an encrypted volume at the default size results in the same behavior. I hesitate to assert that FreeBSD on encrypted EBS is broken, but it seems to be. > > -----Original Message----- > From: Colin Percival <cperciva@tarsnap.com> > Sent: Thursday, April 1, 2021 6:46 PM > To: Connor Sheridan <cws@nullsec.sh>; freebsd-cloud@freebsd.org > Subject: Re: FreeBSD 12.2-RELEASE x86_64 EC2 AMIs in us-east-2 not booting > > #2 certainly works. I think #1 would work, but honestly I don't use encrypted volumes; I've never been able to think up a plausible attack which they would protect against. > > If you try #1, please let me know how it goes, so I can relay that to the next person to ask. > > Colin Percial > > On 4/1/21 3:30 PM, Connor Sheridan wrote: >> That's precisely the situation, yes. 32GB EBS volume. So, would either of the following work? >> >> 1. Provisioning an encrypted volume at the snapshot size, then extending the size of the volume. >> 2. Provisioning an unencrypted volume at the desired size. >> >> Obviously #1 would be preferable. >> >> -----Original Message----- >> From: Colin Percival <cperciva@tarsnap.com> >> Sent: Thursday, April 1, 2021 6:29 PM >> To: Connor Sheridan <cws@nullsec.sh>; freebsd-cloud@freebsd.org >> Subject: Re: FreeBSD 12.2-RELEASE x86_64 EC2 AMIs in us-east-2 not >> booting >> >> On 4/1/21 2:57 PM, Connor Sheridan wrote: >>> I've attempted to provision x86_64 instances in AWS region us-east-2 from both the Marketplace AMIs and the specific AMI ID provided by the 12.2-RELEASE announcement, and they just get stuck in an endless boot loop. Appears to load the kernel, then reboot instantly. Are there any known gotchas about provisioning this release or anything I can do to get these running? >> >> There seems to be an issue related to encrypted disks -- possibly specifically related to creating an EBS encrypted volume which is larger than the backing snapshot. >> >> Are you using an encrypted disk? >> >> -- >> Colin Percival >> Security Officer Emeritus, FreeBSD | The power to serve Founder, >> Tarsnap | www.tarsnap.com | Online backups for the truly paranoid >> > > -- > Colin Percival > Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid > _______________________________________________ > freebsd-cloud@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-cloud > To unsubscribe, send any mail to "freebsd-cloud-unsubscribe@freebsd.org" > -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0100017890e5a39d-464806cc-158c-4895-8a0d-bf7444ff4c77-000000>