Moving raw system image to another drive breaks GELI

David Christensen dpchrist at holgerdanske.com
Sun Mar 3 07:10:37 UTC 2019 

On 2/26/19 10:00 AM, David Christensen wrote:
> I have a computer:
> 
> 2019-02-26 09:50:14 dpchrist at ragnar ~
> $ freebsd-version ; uname -a
> 11.2-RELEASE-p9
> FreeBSD ragnar 11.2-RELEASE-p9 FreeBSD 11.2-RELEASE-p9 #0: Tue Feb  5 
> 15:30:36 UTC 2019 
> root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
> 
> 
> I installed to a SanDisk Ultra Fit USB 3.0 16 GB flash drive:
> 
>        Partitioning                      Auto (ZFS)
>          Pool Type/Disks                 stripe,da0
>          Pool Name                       zroot
>          Force 4K Sectors                YES
>          Encrypt Disks                   YES
>          Partition Scheme                MBR (BIOS)
>          Swap Size                       2g
>          Mirror Swap                     NO
>          Encrypt Swap                    YES
>          Install
> 
> 
> If I do a raw binary copy of the USB flash drive to a Intel 520 Series 
> SSD 60 GB with dd(1) and boot the SSD, GELI rejects the passphrase and I 
> end up at a "mountroot>" prompt.
> 
> 
> I would like to be able to move raw FreeBSD system images from drive to 
> drive and have them work.

I did another install onto SSD.  While comparing the configuration files 
between the USB install and the SSD install, I found some interesting 
differences in /boot/loader.conf.  Here are some lines from the USB install:

     geli_da0s1d_keyfile0_load="YES"
     geli_da0s1d_keyfile0_name="/boot/encryption.key"
     geli_da0s1d_keyfile0_type="da0s1d:geli_keyfile0"


And here are the corresponding lines from the SSD install:

     geli_ada0s1d_keyfile0_load="YES"
     geli_ada0s1d_keyfile0_name="/boot/encryption.key"
     geli_ada0s1d_keyfile0_type="ada0s1d:geli_keyfile0"


So, the device name for the GELI provider containing the root filesystem 
is hard-coded into the names of variables set in loader.conf(5).


If I burn the SSD install image to USB, boot a USB FreeBSD installer 
into a shell, remount root read-write:

     # mount -o rw /dev/ufs/FreeBSD_Install /

Import the bootpool on the USB image:

     # zpool import -f -d /dev -R /mnt bootpool

Edit the variables in /mnt/bootpool/boot/loader.conf, move aside 
/mnt/bootpool/boot/zfs/zpool.cache, shutdown, remove the USB installer, 
and boot the USB image, it works!


David


References:

[1] https://www.freebsd.org/doc/handbook/boot-introduction.html

[2] loader(8)

[3] loader.conf(5)

[4] mount(8)

[5] zpool(8)

More information about the freebsd-questions mailing list