Concerns

thor thor at irk.ru
Mon Oct 1 13:59:06 UTC 2018


Hello!

I haven't understood anything, but I installed an encrypted RAID5 on an
mfi controller some time ago, and my encryption script has some lines
that set the boot device via /boot/loader.conf. Maybe it helps.

By the way, there was a problem: early in the boot sequence the geli
passphrase could not be entered. The following lines in
/boot/loader.conf helped (I don't know why):

ukbd_load="YES"
kern.vty="sc"


$ cat encode.sh
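#!/bin/sh
# Install the encrypted volume
# (Valid for FreeBSD-10.2-AMD. Check for other versions please)
# You should have 3 partitions:
# mfid0p1 Boot manager
# mfid0p2 A fresh minimal system 1.5GB. Do NOT install src!
# mfid0p3 An empty partition spanning the rest of disc on /mnt
#
# We have NO swap. It's a separate problem.
# After you boot you should delete enough files on mfid0p2 to
# make a space for the new kernel you would surely compile.
#
# DESTRUCTIVE: geli init and newfs below overwrite whatever is on mfid0p3.
#
# Security notes:
# - /boot/key lives on mfid0p2, which stays unencrypted so the loader can
#   read the keyfile. Anyone with access to the disk can read it, so the
#   keyfile alone protects nothing.
# - geli init is run without -P, so it also asks for a passphrase. That
#   passphrase is what actually protects the data; choose it accordingly.
# - geli's default here is AES-XTS with a 128-bit key. Add "-l 256" to
#   geli init if a longer key is wanted.

# Best effort: fails harmlessly if nothing is mounted on /mnt.
umount -f /mnt
# Generate the geli key.
# The subshell umask keeps the keyfile from being created world-readable;
# chmod covers the case where /boot/key already existed with wider modes.
( umask 077 && dd if=/dev/random of=/boot/key bs=64 count=1 ) || exit
chmod 600 /boot/key || exit
# Init a geli partition (-b: ask for the passphrase at boot)
geli init -b -s 4096 -K /boot/key /dev/mfid0p3 || exit
# Attach the partition
geli attach -k /boot/key /dev/mfid0p3 || exit
# Format the partition; stop here if it fails, nothing below makes sense
# without a filesystem.
newfs /dev/mfid0p3.eli || exit
# Enable the journal and soft updates
# It's the last chance! After this point
# we would need a live fs to do it!
tunefs -A -n enable /dev/mfid0p3.eli
tunefs -A -j enable /dev/mfid0p3.eli
tunefs -p /dev/mfid0p3.eli
# Only then we can mount the partition and fill it.
# If the mount fails, the copies below would land in the /mnt directory of
# the small unencrypted root instead of the encrypted volume, so bail out.
mount /dev/mfid0p3.eli /mnt || exit
sleep 10
cd / || exit
# Copy all plain files
# (directories are skipped by cp without -R; the glob does not match
# dotfiles such as /.profile, copy those by hand if you need them)
cp -p * /mnt
#
# Every dir in / except boot and mnt dirs
# Check and recheck it!
# (We would make a IF DIR operator but we are lazy)
for i in bin dev etc lib libexec media proc rescue root sbin tmp usr var
do
cp -Rvp "$i" /mnt
done
sleep 10
# /mnt/mnt/boot is /mnt/boot as seen from the new root.
mkdir -p /mnt/mnt/boot
mount /dev/mfid0p2 /mnt/mnt/boot

# Make a new fstab with our new encrypted partitions
#
mv /mnt/etc/fstab /mnt/etc/fstab.orig
cat <<EEEOOOFFF >>/mnt/etc/fstab
# Device    Mountpoint    FStype    Options    Dump    Pass#
/dev/mfid0p3.eli    /        ufs    rw,noatime    1    1
/dev/mfid0p2    /mnt/boot    ufs    rw,noatime    2    2
EEEOOOFFF

# On the new root, /boot becomes a symlink into the boot partition
# that fstab mounts on /mnt/boot.
ln -s /mnt/boot/boot /mnt/boot
# loader.conf shows where is our kernel, root, etc
# We also load the eli here
# (appended with >>, so running the script twice duplicates these lines)
cat <<EEOOFF >>/boot/loader.conf
geom_eli_load="YES"
geli_mfid0p3_keyfile0_load="YES"
geli_mfid0p3_keyfile0_type="mfid0p3:geli_keyfile0"
geli_mfid0p3_keyfile0_name="/boot/key"
vfs.root.mountfrom="ufs:mfid0p3.eli"
EEOOFF
echo Reboot Now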

$su

#dmesg

.......

mfi0: 25667 (590706605s/0x0020/info) - Shutdown command received from host
mfi0: 25668 (boot + 3s/0x0020/info) - Firmware initialization started 
(PCI ID 0060/1000/1f0c/1028)
mfi0: 25669 (boot + 3s/0x0020/info) - Firmware version 1.22.52-1909
mfi0: 25670 (boot + 23s/0x0008/info) - Battery Present
mfi0: 25671 (boot + 23s/0x0020/info) - Controller hardware revision ID (0x0)
mfi0: 25672 (boot + 23s/0x0020/info) - Package version 6.3.3.0002
mfi0: 25673 (boot + 23s/0x0020/info) - Board Revision
mfi0: 25674 (boot + 30s/0x0002/info) - Inserted: PD 04(e0xff/s4)
mfi0: 25675 (boot + 30s/0x0002/info) - Inserted: PD 04(e0xff/s4) Info: 
enclPd=ffff, scsiType=0, portMap=04, 
sasAddr=1221000004000000,0000000000000000
mfi0: 25676 (boot + 30s/0x0002/WARN) - PD 04(e0xff/s4) is not a 
certified drive
mfi0: 25677 (boot + 30s/0x0002/info) - Inserted: PD 05(e0xff/s5)
mfi0: 25678 (boot + 30s/0x0002/info) - Inserted: PD 05(e0xff/s5) Info: 
enclPd=ffff, scsiType=0, portMap=05, 
sasAddr=1221000005000000,0000000000000000
mfi0: 25679 (boot + 30s/0x0002/WARN) - PD 05(e0xff/s5) is not a 
certified drive
mfi0: 25680 (boot + 30s/0x0002/info) - Inserted: PD 06(e0xff/s6)
mfi0: 25681 (boot + 30s/0x0002/info) - Inserted: PD 06(e0xff/s6) Info: 
enclPd=ffff, scsiType=0, portMap=06, 
sasAddr=1221000006000000,0000000000000000
mfi0: 25682 (boot + 30s/0x0002/WARN) - PD 06(e0xff/s6) is not a 
certified drive
mfi0: 25683 (boot + 30s/0x0002/info) - Inserted: PD 07(e0xff/s7)
mfi0: 25684 (boot + 30s/0x0002/info) - Inserted: PD 07(e0xff/s7) Info: 
enclPd=ffff, scsiType=0, portMap=07, 
sasAddr=1221000007000000,0000000000000000
mfi0: 25685 (boot + 30s/0x0002/WARN) - PD 07(e0xff/s7) is not a 
certified drive
mfi0: 25686 (boot + 30s/0x0020/info) - Patrol Read resumed
mfi0: 25687 (590801787s/0x0020/info) - Time established as 09/20/18 
23:36:27; (31 seconds since power on)
mfi0: 25688 (590801844s/0x0008/info) - Battery temperature is normal
mfi0: 25689 (590801844s/0x0008/info) - Current capacity of the battery 
is above threshold
mfi0: 25690 (590801844s/0x0008/info) - Battery started charging
mfi0: 25691 (boot + 3s/0x0020/info) - Firmware initialization started 
(PCI ID 0060/1000/1f0c/1028)
mfi0: 25692 (boot + 3s/0x0020/info) - Firmware version 1.22.52-1909
mfi0: 25693 (boot + 23s/0x0008/info) - Battery Present
mfi0: 25694 (boot + 23s/0x0020/info) - Controller hardware revision ID (0x0)
mfi0: 25695 (boot + 23s/0x0020/info) - Package version 6.3.3.0002
mfi0: 25696 (boot + 23s/0x0020/info) - Board Revision
mfi0: 25697 (boot + 30s/0x0002/info) - Inserted: PD 04(e0xff/s4)
....

mfid0 on mfi0
mfid0: 5721600MB (11717836800 sectors) RAID volume 'pink' is optimal
mfi0: MFI_DCMD_PD_LIST_QUERY failed 2
mfi0: 25698 (boot + 30s/0x0002/info) - Inserted: PD 04(e0xff/s4) Info: 
enclPd=ffff, scsiType=0, portMap=04, 
sasAddr=1221000004000000,0000000000000000
mfi0: 25699 (boot + 30s/0x0002/WARN) - PD 04(e0xff/s4) is not a 
certified drive
mfi0: 25700 (boot + 30s/0x0002/info) - Inserted: PD 05(e0xff/s5)
mfi0: MFI_DCMD_PD_LIST_QUERY failed 2
mfi0: 25701 (boot + 30s/0x0002/info) - Inserted: PD 05(e0xff/s5) Info: 
enclPd=ffff, scsiType=0, portMap=05, 
sasAddr=1221000005000000,0000000000000000
mfi0: 25702 (boot + 30s/0x0002/WARN) - PD 05(e0xff/s5) is not a 
certified drive
mfi0: 25703 (boot + 30s/0x0002/info) - Inserted: PD 06(e0xff/s6)
mfi0: MFI_DCMD_PD_LIST_QUERY failed 2
mfi0: 25704 (boot + 30s/0x0002/info) - Inserted: PD 06(e0xff/s6) Info: 
enclPd=ffff, scsiType=0, portMap=06, 
sasAddr=1221000006000000,0000000000000000
mfi0: 25705 (boot + 30s/0x0002/WARN) - PD 06(e0xff/s6) is not a 
certified drive
mfi0: 25706 (boot + 30s/0x0002/info) - Inserted: PD 07(e0xff/s7)
mfi0: MFI_DCMD_PD_LIST_QUERY failed 2
mfi0: 25707 (boot + 30s/0x0002/info) - Inserted: PD 07(e0xff/s7) Info: 
enclPd=ffff, scsiType=0, portMap=07, 
sasAddr=1221000007000000,0000000000000000
mfi0: 25708 (boot + 30s/0x0002/WARN) - PD 07(e0xff/s7) is not a 
certified drive
mfi0: 25709 (boot + 30s/0x0020/info) - Patrol Read resumed
mfi0: 25710 (590802278s/0x0020/info) - Time established as 09/20/18 
23:44:38; (31 seconds since power on)
....

mfi0: 25711 (590802335s/0x0008/info) - Battery temperature is normal
mfi0: 25712 (590802335s/0x0008/info) - Current capacity of the battery 
is above threshold
mfi0: 25713 (590802335s/0x0008/info) - Battery started charging
....

cryptosoft0: <software crypto> on motherboard
GEOM_ELI: Device mfid0p3.eli created.
GEOM_ELI: Encryption: AES-XTS 128
GEOM_ELI:     Crypto: software
mfi0: 25714 (590803765s/0x0008/info) - Battery charge complete



On 09/29/18 12:23, The Doctor via freebsd-questions wrote:
> I am restoring a full system from backup going from ZFS back to UFS.
>
> Found something in dmesg of interest
>
>
> AVAGO MegaRAID SAS FreeBSD mrsas driver version: 06.712.04.00-fbsd
> mfi0: <ThunderBolt> port 0xf000-0xf0ff mem 0xfbe60000-0xfbe63fff,0xfbe00000-0xfbe3ffff irq 64 at device 0.0 numa-domain 1 on pci9
> mfi0: Using MSI
> mfi0: Megaraid SAS driver Ver 4.23
> mfi0: FW MaxCmds = 1008, limiting to 128
> mfi0: MaxCmd = 1008, Drv MaxCmd = 128, MaxSgl = 70, state = 0xb73c03f0
> mfi0: 17018 (591494719s/0x0020/info) - Shutdown command received from host
> mfi0: 17019 (boot + 9s/0x0020/info) - Firmware initialization started (PCI ID 005b/1000/9276/1000)
> mfi0: 17020 (boot + 9s/0x0020/info) - Firmware version 3.460.05-4565
> mfi0: 17021 (boot + 11s/0x0008/info) - Battery Present
> mfi0: 17022 (boot + 11s/0x0020/info) - Package version 23.34.0-0005
> mfi0: 17023 (boot + 11s/0x0020/info) - Board Revision 001
> mfi0: 17024 (boot + 16s/0x0008/info) - Battery charge complete
> mfi0: 17025 (boot + 16s/0x0008/info) - Battery temperature is normal
> mfi0: 17026 (boot + 29s/0x0002/info) - Inserted: PD 09(e0xfc/s0)
> mfi0: 17027 (boot + 29s/0x0002/info) - Inserted: PD 09(e0xfc/s0) Info: enclPd=fc, scsiType=0, portMap=01, sasAddr=5000c50096e12239,0000000000000000
> mfi0: 17028 (boot + 29s/0x0002/info) - Inserted: PD 0a(e0xfc/s1)
> mfi0: 17029 (boot + 29s/0x0002/info) - Inserted: PD 0a(e0xfc/s1) Info: enclPd=fc, scsiType=0, portMap=00, sasAddr=5000c50084ca7425,0000000000000000
> mfi0: 17030 (591494782s/0x0020/info) - Time established as 09/29/18  0:06:22; (34 seconds since power on)
> mfi0: 17031 (591494827s/0x0020/WARN) - Host driver needs to be upgraded to enable extended LD support
> mfi0: 17032 (591494827s/0x0020/info) - Host driver is loaded and operational
> mfid0 numa-domain 1 on mfi0
> mfid0: 3814912MB (7812939776 sectors) RAID volume (no label) is optimal
>
> Loader variables:
>
> Manual root filesystem specification:
>    <fstype>:<device> [options]
>        Mount <device> using filesystem <fstype>
>        and with the specified (optional) option list.
>
>      eg. ufs:/dev/da0s1a
>          zfs:tank
>          cd9660:/dev/cd0 ro
>            (which is equivalent to: mount -t cd9660 -o ro /dev/cd0 /)
>
>    ?               List valid disk boot devices
>    .               Yield 1 second (for background tasks)
>    <empty line>    Abort manual input
>
> mountroot>
> List of GEOM managed disk devices:
>    cd0 gptid/da2fc326-c377-11e8-a335-0cc47aac511e ufsid/5baebbf017da70dd gptid/c680d0e9-c377-11e8-a335-0cc47aac511e msdosfs/EFISYS gptid/926bcda2-c377-11e8-a335-0cc47aac511e mfid0p3 mfid0p2 mfid0p1 mfid0
>
> mountroot> random: unblocking device.
> Trying to mount root from ufs:/dev/mfid0p2 []...
>
> How do I fix the above so that the OS knows where the root is?
>
>
> mfi0: 17033 (591505200s/0x0020/info) - Patrol Read started
> mfi0: 17034 (591505200s/0x0001/info) - Consistency Check started on VD 00/0
> mfi0: Failed to get command
> mfi0: 17035 (591505200s/0x0001/WARN) - Consistency Check started on an inconsistent VD 00/0
>
> Anything to be concerned about?
>


