Warner Losh
2019-Jan-26 20:10 UTC
Not sure if this is the correct place.... (laptop, dual-boot EFI)
On Sat, Jan 26, 2019 at 1:01 PM Karl Denninger <karl at denninger.net> wrote:

> Further question.... does boot1.efi (which I assume has to be placed on
> the EFI partition and then something like rEFInd can select it) know how
> to handle a geli-encrypted primary partition (e.g. for root/boot so I
> don't need an unencrypted /boot partition), and if so how do I tell it
> that's the case and to prompt for the password?

Not really. The whole reason we ditched boot1.efi is because it is quite limited in what it can do. You must use loader.efi for that.

> (If not I know how to set up for geli-encryption using a non-encrypted
> /boot partition, but my understanding is that for 12 the loader was
> taught how to handle geli internally and thus you can now install 12 --
> at least for ZFS -- with encryption on root. However, that wipes the
> disk if you try to select it in the installer, so that's no good -- and
> besides, on a laptop zfs is overkill.)

For MBR stuff, yes. For loader.efi, yes. For boot1.efi, no: it did not and will not grow that functionality.

Warner

> Thanks!
>
> On 1/26/2019 08:08, Kamila Součková wrote:
> > I'm just booting the installer, going to do this on my X1 Carbon (5th gen),
> > and I'm planning to use the efibootmgr entry first (which is sufficient for
> > booting), and later I might add rEFInd if I feel like it. I'll be posting
> > my steps online, I can post the link once it's out there if you're
> > interested.
> >
> > I'm very curious about HW support on the 6th gen Carbon, it'd be great to
> > hear how it goes.
> >
> > Have fun!
> >
> > Kamila
> >
> > On Sat, 26 Jan 2019, 06:54 Kyle Evans, <kevans at freebsd.org> wrote:
> >
> >> On Fri, Jan 25, 2019 at 6:30 PM Jonathan Chen <jonc at chen.org.nz> wrote:
> >>> On Sat, 26 Jan 2019 at 13:00, Karl Denninger <karl at denninger.net> wrote:
> >>> [...]
> >>>> I'd like to repartition it to be able to dual boot it much as I do with
> >>>> my X220 (I wish I could ditch Windows entirely, but that is just not
> >>>> going to happen), but I'm not sure how to accomplish that in the EFI
> >>>> world -- or if it reasonably CAN be done in the EFI world. Fortunately
> >>>> the BIOS has an option to turn off secure boot (which I surmise from
> >>>> reading the Wiki FreeBSD doesn't yet support) but I still need a means
> >>>> to select from some reasonably-friendly way *what* to boot.
> >>> The EFI partition is just a MS-DOS partition, and most EFI aware BIOS
> >>> will (by default) load /EFI/Boot/boot64.efi when starting up. On my
> >>> Dell Inspiron 17, I created /EFI/FreeBSD and copied FreeBSD's
> >>> /boot/loader.efi to /EFI/FreeBSD/boot64.efi. My laptop's BIOS setup
> >>> allowed me to specify a boot-entry for \EFI\FreeBSD\boot64.efi. On
> >>> a cold start, I have to be quick to hit the F12 key, which then allows
> >>> me to specify whether to boot Windows or FreeBSD. I'm not sure how
> >>> Lenovo's BIOS setup works, but I'm pretty sure that it should have
> >>> something similar.
> >>>
> >> Adding a boot-entry can also be accomplished with efibootmgr. This is
> >> effectively what the installer in -CURRENT does, copying loader to
> >> \EFI\FreeBSD on the ESP and using efibootmgr to insert a "FreeBSD"
> >> entry for that loader and activating it.
Karl Denninger
2019-Jan-26 20:26 UTC
Not sure if this is the correct place.... (laptop, dual-boot EFI)
On 1/26/2019 14:10, Warner Losh wrote:

> On Sat, Jan 26, 2019 at 1:01 PM Karl Denninger <karl at denninger.net> wrote:
>
> > Further question.... does boot1.efi (which I assume has to be placed on
> > the EFI partition and then something like rEFInd can select it) know how
> > to handle a geli-encrypted primary partition (e.g. for root/boot so I
> > don't need an unencrypted /boot partition), and if so how do I tell it
> > that's the case and to prompt for the password?
>
> Not really. The whole reason we ditched boot1.efi is because it is
> quite limited in what it can do. You must use loader.efi for that.
>
> > (If not I know how to set up for geli-encryption using a non-encrypted
> > /boot partition, but my understanding is that for 12 the loader was
> > taught how to handle geli internally and thus you can now install 12 --
> > at least for ZFS -- with encryption on root. However, that wipes the
> > disk if you try to select it in the installer, so that's no good -- and
> > besides, on a laptop zfs is overkill.)
>
> For MBR stuff, yes. For loader.efi, yes. For boot1.efi, no: it did not
> and will not grow that functionality.
>
> Warner

Ok, next dumb question -- can I put loader.efi in the EFI partition under EFI/FreeBSD as "bootx64.efi" there (from reading mailing list archives that appears to be yes -- just copy it in) and, if yes, how do I "tell" it that when it finds the freebsd-ufs partition on the disk it was started from (which, if I'm reading correctly, it will scan and look for) that it needs to geli attach the partition before it digs into there and finds the rest of what it needs to boot?

That SHOULD allow me to use an EFI boot manager to come up on initial boot, select FreeBSD and the loader.efi (named as bootx64.efi in EFI/FreeBSD) code will then boot the system.

I've looked at the 12-RELEASE man page(s) and it's not obvious how you tell the loader to look for the partition and then attach it via GELI (prompting for the password of course) before attempting to boot it; obviously a "load" directive (e.g. geom_eli_load="YES") makes no sense as the thing you'd "load" is on the disk you'd be loading it from and it's encrypted... never mind that loader.conf violates the 8.3 filename rules for a DOS filesystem.

Thanks!

--
Karl Denninger
karl at denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/