How to make a bootable USB stick for booting a geli encrypted hard disk?

Adam Wood aswood at gmail.com
Wed Apr 19 14:00:04 UTC 2006


I've been working on writing a guide for creating a bootable CD-R for
those of us who cannot boot USB devices, but, since you can, you might
try this:

Boot up the 6.1-RC install CD (disc1) and start the Fixit shell. If
you've already built a custom kernel or something on your encrypted
disk, you'll need to go through whatever steps necessary to mount it
and gain access to its /boot. Otherwise, you can just use the kernel
on the boot CD.

Prepare the USB device and make it bootable:

fdisk -BI /dev/ad0
bsdlabel -Brw /dev/ad0s1
bsdlabel -e /dev/ad0s1

Note that -e invokes $EDITOR, so you might have to set it to the correct path.

export EDITOR=/dist/usr/bin/vi

bsdlabel can be tricky if you're entering it in manually. You don't
want to touch the c: listing. You just want to add an a: listing
before it, and give it the same values that the c: entry has, except
change "unused" to "4.2BSD". Save and exit.

Now you need to give it a filesystem:

newfs /dev/ad0s1

And mount it:

mkdir /mnt
mount /dev/ad0s1 /mnt

Now copy the kernel:

cp -Rp /dist/boot /mnt/

You'll need to create a loader.conf unless you've compiled geom_eli
into the kernel:

echo geom_eli_load=\"YES\" >> /mnt/boot/loader.conf

You should also create an etc/fstab file on the root of the USB disk:

mkdir /mnt/etc
vi /mnt/etc/fstab

If you already have an /etc/fstab file on your encrypted disk, this
new fstab may only need to contain the root partition location. I
could be wrong, though, so you might just include all of the
partitions. If you have access to the /etc/fstab on the encrypted
disk, it'll probably be easier to just copy it.

Afterwards, you should be able to reboot and hope everything works.

--adam

Note: The commands to prepare the USB disk WILL erase everything on
it. I assume you know that.

On 4/18/06, Frank J. Beckmann <frank at barda.agala.net> wrote:
> Hi,
>
> I plan to encrypt the whole hard drive with geli. That is really well
> documented and everything went ok. But there is one thing that does not
> work. How do I make a bootable USB stick? I need it because the root
> partition of the hard drive is encrypted too. I tried to make a bootable USB
> stick with sysinstall and also with fdisk. I tried to do it on my new Athlon
> 64 board and on an old Pentium III board. The result is always the same:
> When I try to boot from the stick the Athlon 64 always says "invalid slice".
> And the P III always tells me "invalid label". That looks like some kind of
> geometry problem. Can anybody help me please? I'm using FreeBSD 6.1-RC.
>
> Sorry if this gets posted twice.
> --
> Bye
> Frank
>
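
The label edit described in the reply above (add an a: entry before c: with the same values, but "4.2BSD" instead of "unused"), as an added shell example that is not part of the original post. The helper name add_a_partition and the sample label are constructed for illustration; the edited text can be written back with bsdlabel -R instead of going through $EDITOR.

```shell
#!/bin/sh
# Added example: add_a_partition is a hypothetical helper, not part of bsdlabel.
# It reads a bsdlabel text dump on stdin and writes the edited label on stdout:
# the c: line is left alone and an a: line with the same values, but fstype
# 4.2BSD, is inserted before it.
add_a_partition() {
    awk '
        # An a: entry is already there (it precedes c: in a label dump),
        # so remember not to add a second one.
        /^[ \t]*a:/ { have_a = 1 }
        /^[ \t]*c:/ {
            seen_c = 1
            if (!have_a) {
                line = $0
                sub(/#.*$/, "", line)          # drop the trailing comment
                sub(/c:/, "a:", line)          # same size and offset as c:
                sub(/unused/, "4.2BSD", line)  # mark it as a UFS partition
                sub(/[ \t]+$/, "", line)
                print line
            }
        }
        { print }
        # No c: line means this was not a label dump: fail instead of guessing.
        END { if (!seen_c) exit 1 }
    '
}

# Constructed sample of what "bsdlabel /dev/ad0s1" prints for a fresh label.
sample_label() {
    cat <<'EOF'
# /dev/ad0s1:
8 partitions:
#        size   offset    fstype   [fsize bsize bps/cpg]
  c:  1000944        0    unused        0     0         # "raw" part, don't edit
EOF
}

# Demo on the sample. On the real device the flow would be:
#   bsdlabel /dev/ad0s1 > label.txt
#   add_a_partition < label.txt > label.new && bsdlabel -R /dev/ad0s1 label.new
sample_label | add_a_partition
```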

