How to make a bootable USB stick for booting a geli encryptet
hard disk?
Adam Wood
aswood at gmail.com
Wed Apr 19 14:00:04 UTC 2006
I've been working on writing a guide for creating a bootable CD-R for
those of us who cannot boot USB devices, but, since you can, you might
try this:
Boot up the 6.1-RC install CD (disc1) and start the Fixit shell. If
you've already built a custom kernel or something on your encrypted
disk, you'll need to go through whatever steps necessary to mount it
and gain access to its /boot. Otherwise, you can just use the kernel
on the boot CD.
Prepare the USB device and make it bootable:
fdisk -BI /dev/ad0
bsdlabel -Brw /dev/ad0s1
bsdlabel -e /dev/ad0s1
Note that -e invokes $EDITOR, so you might have to set it to the correct path.
export EDITOR=/dist/usr/bin/vi
bsdlabel can be tricky if you're entering it in manually. You don't
want to touch the c: listing. You just want to add an a: listing
before it, and give it the same values that the c: entry has, except
change "unused" to "4.2BSD". Save and exit.
Now you need to give it a filesystem:
newfs /dev/ad0s1
And mount it:
mkdir /mnt
mount /dev/ad0s1 /mnt
Now copy the kernel:
cp -Rp /dist/boot /mnt/
You'll need to create a loader.conf unless you've compiled geom_eli
into the kernel:
echo geom_eli_load=\"YES\" >> /mnt/boot/loader.conf
You should also create an etc/fstab file on the root of the USB disk:
mkdir /mnt/etc
vi /mnt/etc/fstab
If you already have an /etc/fstab file on your encrypted disk, this
new fstab may only need to contain the root partition location. I
could be wrong, though, so you might just include all of the
partitions. If you have access to the /etc/fstab on the encrypted
disk, it'll probably be easier to just copy it.
Afterwards, you should be able to reboot and hope everything works.
--adam
Note: The commands to prepare the USB disk WILL erase everything on
it. I assume you know that.
On 4/18/06, Frank J. Beckmann <frank at barda.agala.net> wrote:
> Hi,
>
> I plan to encrypt the whole hard drive with geli. That is reaaly well
> documented and every thing went ok. But there is one thing that does not
> work. How do I make a bootable USB stick? I need it because the root
> partition of the hard drive is encrypted too. I tried to make a bootable USB
> stick with sysinstall and also with fdisk. I tried to do it on my new Athlon
> 64 board and on and old Pentium III board. The result is always the same:
> When I try to boot from the stick the Athlon 64 always says "invalid slice".
> And the P III always tells my "invalid label". That look like some kind of
> geometry problem. Can anybody help my please? I'm using FreeBSD 6.1-RC.
>
> Sorry if this gets posted twice.
> --
> Bye
> Frank
> _______________________________________________
> freebsd-geom at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-geom
> To unsubscribe, send any mail to "freebsd-geom-unsubscribe at freebsd.org"
>
More information about the freebsd-geom
mailing list