Can't boot from encrypted partition
Petr Hejl
petr.hejl at freedev.cz
Thu Mar 15 22:25:54 UTC 2018
Hello, FreeBSD community.
I need help with booting from an encrypted partition. Until now, my EFI
machine booted from an unencrypted ZFS, while the rest of the system
resided on an encrypted ZFS. The layout was like this:
/dev/ada0
|- /dev/ada0p1 (efi, 800k)
|- /dev/ada0p2 (freebsd-zfs, 1G)
|- /dev/ada0p3 (freebsd-zfs, geli-encrypted, 931G)
That worked OK. Since FreeBSD >= 11.0 should be able to boot an entirely
encrypted system (let alone the EFI loader, of course), I'd like to get
to that point (installing 11.1-RELEASE on amd64). So I create my layout
like this:
gpart create -s gpt /dev/ada0
gpart add -t efi -l efi -s 800k /dev/ada0
gpart add -t freebsd-zfs -l system /dev/ada0
dd if=/boot/boot1.efifat of=/dev/ada0p1
geli init -g -l 256 -s 4096 /dev/ada0p2
So the only difference is that there is no separate partition for /boot
and the ZFS partition is encrypted with 'geli init -g' rather than 'geli
init -b'.
The new layout is then:
/dev/ada0
|- /dev/ada0p1 (efi, 800k)
|- /dev/ada0p2 (freebsd-zfs, geli-encrypted, 931G)[/CODE]
After that, I install the system as usual, in the way it's always worked.
geli manpage says:
" ...
-g Enable booting from this encrypted root
filesystem. The boot loader prompts for the
passphrase and loads loader from the
encrypted partition.
..."
The problem is, that it doesn't. When the EFI loader starts, it says it
can't find any UFS or ZFS partitions, thus no /boot/loader.efi and ends
with:
panic: No bootable partitions found
I have no idea what's wrong.
Thank you for any advice.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20180315/1c9e409f/attachment.sig>
More information about the freebsd-questions
mailing list