proper newfs options for SSD disk
Matthias Apitz
guru at unixarea.de
Tue Jun 19 07:09:04 UTC 2012
On Sunday, June 17, 2012 at 09:16:12PM -0600, Warren Block wrote:
> On Sat, 16 Jun 2012, Matthias Apitz wrote:
>
> > OK, but I wanted to have most of the space of the 4 GB SSD encrypted
> > with geli(8); so I should make there some slice containing /boot
> > (unencrypted) and a second slice which later will contain my HOME and
> > encrypted; wrong?
>
> That's correct: http://forums.freebsd.org/showthread.php?t=29652

Thanks for the pointers and the comments from you and Wojciech;
I'm attaching below what I have planned as the exact procedure now and
would be thankful in advance for any comments;

one remaining question is: how could I attach the geli(8) encrypted file
system during boot (via rc.conf) but using a passphrase which should be
asked for and typed in on boot? Is this somehow possible?

Thanks

	matthias

$Id:$

current disk layout of EeePC:

Filesystem      Size    Used   Avail Capacity  Mounted on
/dev/ada0s1a    3.7G    568M    3.1G    15%    /
/dev/ada1s1a     14G    8.7G    5.8G    60%    /usr/local

future disk layout:

/dev/ada0p1     freebsd-boot
/dev/ada0p2     freebsd-ufs     /boot       256 Mbyte
/dev/ada0p3     freebsd-ufs     /private    3.5 GByte (geli encrypted)

/dev/ada1p1     freebsd-boot
/dev/ada1p2     freebsd-ufs     /           14.0 GByte (/ /usr /var ... all
                                            in one file system and unencrypted)

commands:

# gpart destroy -F ada0
# gpart create -s gpt ada0
# gpart add -t freebsd-boot -s 512k ada0
# gpart bootcode -b /boot/pmbr -p /boot/gptboot -i1 ada0
# gpart add -t freebsd-ufs -b 1m -s 256m ada0
# gpart add -t freebsd-ufs ada0

# gpart destroy -F ada1
# gpart create -s gpt ada1
# gpart add -t freebsd-boot -s 512k ada1
# gpart bootcode -b /boot/pmbr -p /boot/gptboot -i1 ada1
# gpart add -t freebsd-ufs -b 1m ada1

this allows as well at the beginning to boot the system from ada1
(must be done manually from BIOS); later we will copy over /boot from ada1p2
to ada0p2 (see below);

create on ada0 the future /boot and /private file systems and on ada1
the future / root file system; and mount the last as /mnt

# newfs /dev/ada0p2
# newfs /dev/ada0p3
# newfs /dev/ada1p2
# mount /dev/ada1p2 /mnt

start the mouse daemon (only for cut&paste):

# /etc/rc.d/moused onestart

install the system (user land and kernel) from /usr/src to /mnt:

# cd /usr/src
# make installworld DESTDIR=/mnt
# make installkernel DESTDIR=/mnt KERNCONF=GENERIC INSTALL_NODEBUG=t
# make distrib-dirs DESTDIR=/mnt
# make distribution DESTDIR=/mnt

create the future /etc/fstab to mount / as root fs:

# echo /dev/ada1p2 / ufs rw 1 1 > /mnt/etc/fstab

configure some basic services in future /etc/rc.conf:

# cat <<EOF > /mnt/etc/rc.conf
tmpmfs="YES"
tmpsize="128m"
wlans_ath0="wlan0"
ifconfig_wlan0="WPA DHCP"
ifconfig_bge0="DHCP"
ifconfig_em0="DHCP"
hostname=aurora.Sisis.de
sshd_enable="YES"
moused_enable="YES"
keymap="german.iso"
EOF

create at least one unpriv user to be able to SSH into the
new system later:

# chroot /mnt /usr/sbin/adduser

unmount the new / and reboot:

# umount /mnt
# reboot

after reboot the system should now come up from ada1 and we copy over the /boot to ada0p2:

# mount /dev/ada0p2 /mnt
# cp -Rp /boot /mnt
# echo 'geom_eli_load="YES"' > /mnt/boot/loader.conf
# echo 'vfs.root.mountfrom="ufs:ada1p2"' >> /mnt/boot/loader.conf
# umount /mnt
# reboot

should now boot by itself from ada0 and mount the rootfs from ada1p2;
later we will use /dev/ada0p3 for the geli(8) encrypted file system and
we will mount this as /private; my $HOME should be /private/home

--
Matthias Apitz
e <guru at unixarea.de> - w http://www.unixarea.de/
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
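
A pre-reboot consistency check for the files the procedure above writes, as an added example that is not part of the original message. The function name check_boot_layout, the sample files and the /private fstab line on /dev/ada0p3.eli (the device name geli(8) gives an attached provider) are assumptions constructed here.

```shell
#!/bin/sh
# check_boot_layout <loader.conf> <fstab> <encrypted-mountpoint>
# Prints one line per problem and returns the number of problems found.
check_boot_layout() {
    loader=$1 fstab=$2 encmnt=$3 problems=0

    # 1. The loader must load the GELI class (geom_eli_load="YES").
    grep -Eq '^geom_eli_load="YES"' "$loader" || {
        echo "loader.conf: geom_eli_load is not set to YES"
        problems=$((problems + 1))
    }

    # 2. vfs.root.mountfrom must name the same device as the fstab root
    #    entry; the last assignment wins, the "ufs:" prefix is dropped.
    rootdev=$(awk -F'"' '/^vfs\.root\.mountfrom=/ { d = $2; sub(/^[a-z]+:/, "", d) }
                         END { print d }' "$loader")
    fsroot=$(awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' "$fstab")
    if [ -z "$rootdev" ] || [ "${rootdev#/dev/}" != "${fsroot#/dev/}" ]; then
        echo "root device mismatch: loader.conf '$rootdev', fstab '$fsroot'"
        problems=$((problems + 1))
    fi

    # 3. If the encrypted mount point is in fstab, it must be mounted from
    #    the attached .eli device, never from the raw partition.
    encdev=$(awk -v m="$encmnt" '$1 !~ /^#/ && $2 == m { print $1; exit }' "$fstab")
    case $encdev in
        ""|*.eli) ;;
        *)  echo "fstab: $encmnt is mounted from $encdev, not ${encdev}.eli"
            problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample files mirroring the plan in the message.
demo=$(mktemp -d)
printf '%s\n' 'geom_eli_load="YES"' 'vfs.root.mountfrom="ufs:ada1p2"' \
    > "$demo/loader.conf"
printf '%s\n' '/dev/ada1p2 / ufs rw 1 1' '/dev/ada0p3.eli /private ufs rw 2 2' \
    > "$demo/fstab"
check_boot_layout "$demo/loader.conf" "$demo/fstab" /private \
    && echo "layout consistent"
```

On the real system the arguments would be /mnt/boot/loader.conf and the new root's etc/fstab, checked before the final reboot.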