Requirements:
- FreeBSD 8.0-RELEASE (DVD ISO)
- USB pendrive
Description
During FreeBSD installation, choose the Fixit option in sysinstall and load the modules below:
Fixit# kldload /mnt2/boot/kernel/opensolaris.ko
Fixit# kldload /mnt2/boot/kernel/zfs.ko
Fixit# kldload /mnt2/boot/kernel/zlib.ko
Fixit# kldload /mnt2/boot/kernel/crypto.ko
Fixit# kldload /mnt2/boot/kernel/geom_eli.ko
Now insert USB drive and prepare GPT disks:
Fixit# gpart create -s gpt da0
Geli preparation:
Fixit# gpart add -s 64K -t freebsd-boot da0
Fixit# gpart add -t freebsd-zfs da0
Fixit# gpart bootcode -b /mnt2/boot/pmbr -p /mnt2/boot/gptzfsboot -i 1 da0
Fixit# gpart create -s gpt ad0
Fixit# gpart add -s 1G -t freebsd-swap ad0
Fixit# gpart add -t freebsd-zfs ad0
Fixit# gpart show ad0
Fixit# mkdir /var/backups
Now it's time to create the encrypted ZFS:
Fixit# zpool create zusb /dev/da0p2
Fixit# zfs set checksum=fletcher4 zusb
Fixit# zfs create zusb/keys
Fixit# dd if=/dev/random of=/zusb/keys/ad0p2.key0 bs=128k count=1
Fixit# geli init -s 4096 -b -K /zusb/keys/ad0p2.key0 /dev/ad0p2
Enter new passphrase: (enter your passphrase)
Reenter new passphrase:
Fixit# geli attach -k /zusb/keys/ad0p2.key0 /dev/ad0p2
Enter passphrase:
Fixit# mkdir /boot/zfs
Installing FreeBSD:
Fixit# zpool create zfbsd /dev/ad0p2.eli
Fixit# zpool set bootfs=zfbsd zfbsd
Fixit# zfs set checksum=fletcher4 zfbsd
Fixit# zfs create zfbsd/tmp
Fixit# zfs create zfbsd/usr
Fixit# zfs create zfbsd/usr/home
Fixit# cd zfbsd ; ln -s /usr/home home
Fixit# zfs create zfbsd/var
Fixit# cd /dist/8.0-*
Fixit# export DESTDIR=/zfbsd
Fixit# for dir in base catpages dict doc games info proflibs manpages ports; \
do (cd $dir ; ./install.sh) ; done
Fixit# cd src ; ./install.sh all
Fixit# cd ../kernels ; ./install.sh generic
Fixit# cd /zfbsd/boot ; cp -Rlp GENERIC/* /zfbsd/boot/kernel/
Fixit# chroot /zfbsd
Fixit# echo 'zfs_enable="YES"' > /etc/rc.conf
Fixit# echo 'hostname="FreeBSD"' >> /etc/rc.conf
Fixit# echo 'zfs_load="YES"' > /boot/loader.conf
Fixit# echo 'vfs.root.mountfrom="zfs:zusb"' >> /boot/loader.conf
Fixit# echo 'geom_eli_load="YES"' >> /boot/loader.conf
Fixit# echo 'geli_ad0p2_keyfile0_load="YES"' >> /boot/loader.conf
Fixit# echo 'geli_ad0p2_keyfile0_type="ad0p2:geli_keyfile0"' >> /boot/loader.conf
Fixit# echo 'geli_ad0p2_keyfile0_name="/keys/ad0p2.key0"' >> /boot/loader.conf
Fixit# echo 'LOADER_ZFS_SUPPORT=YES' > /etc/src.conf
Fixit# mount -t devfs devfs /dev
Fixit# export DESTDIR=""
Fixit# cd /usr/src/sys/boot/
Fixit# make obj
Fixit# make depend
Fixit# make
Fixit# cd i386/loader
Fixit# make install
Fixit# passwd
Fixit# tzsetup
Fixit# cd /etc/mail
Fixit# make aliases
Fixit# umount /dev
Fixit# exit
Fixit# cp /boot/zfs/zpool.cache /zfbsd/boot/zfs/zpool.cache
Now reboot and start your fresh FreeBSD from your pendrive to decrypt the OS
Fixit# cat << EOF > /zroot/etc/fstab
# Device Mountpoint FStype Options Dump Pass#
/dev/ad0p1 none swap sw 0 0
EOF
Fixit# export LD_LIBRARY_PATH=/mnt2/lib
Fixit# cp -Rp /zfbsd/boot /zusb/
Fixit# zfs unmount -a
Fixit# zfs set mountpoint=legacy zfbsd
Fixit# zfs set mountpoint=/tmp zfbsd/tmp
Fixit# zfs set mountpoint=/usr zfbsd/usr
Fixit# zfs set mountpoint=/var zfbsd/var
Fixit# zfs set mountpoint=/keys zusb/keys; exit
Extensions:
mount usb pool:
#zpool import zusb
unmount usb pool:
#zpool export zusb
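Encrypted swap partition setup:
(The fstab written above lists /dev/ad0p1 as plain swap, so until this step is applied, memory paged out of the encrypted system is written to disk unencrypted. 3DES is a legacy cipher; omitting -e makes geli use its default AES algorithm.)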
# geli onetime -d -e 3des ad0p1
# swapon /dev/ad0p1.eli
Resources: