@alexkay
Last active March 27, 2020 08:36
Mirrored encrypted FreeBSD install
# Start with the setup normally, then select "Shell" at the partitioning step.
# Check device names
camcontrol devlist
# Create a GPT partition table and a boot partition
gpart destroy -F ada0
gpart create -s gpt ada0
gpart add -a 4k -t freebsd-boot -s 64k ada0
gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 ada0
# /boot
gpart add -a 4k -t freebsd-ufs -s 1g ada0
newfs -S 4096 ada0p2
# swap and root
gpart add -a 4k -t freebsd-swap -s 4g ada0
gpart add -a 4k -t freebsd-ufs ada0
# Clone to ada1
gpart backup ada0 | gpart restore -F ada1
# Mirrors
gmirror load
gmirror label -v p1 /dev/ada0p1
gmirror label -v p2 /dev/ada0p2
gmirror label -v p3 /dev/ada0p3
gmirror label -v p4 /dev/ada0p4
gmirror insert -v p1 /dev/ada1p1
gmirror insert -v p2 /dev/ada1p2
gmirror insert -v p3 /dev/ada1p3
gmirror insert -v p4 /dev/ada1p4
gmirror status # wait until all is synced
# Encrypt p4 (-b: ask for the passphrase at boot, -l 256: 256-bit key)
geli load
geli init -bl 256 mirror/p4
geli attach mirror/p4
newfs -S 4096 -j /dev/mirror/p4.eli
# Mounting
mount /dev/mirror/p4.eli /mnt
mkdir /mnt/boot2
cd /mnt
mount /dev/mirror/p2 /mnt/boot2
mkdir boot2/boot
ln -s boot2/boot boot
# Add these lines to /mnt/boot/loader.conf
geom_mirror_load="YES"
geom_eli_load="YES"
vfs.root.mountfrom="ufs:/dev/mirror/p4.eli"
# Add to /tmp/bsdinstall_etc/fstab
/dev/mirror/p2 /mnt/boot ufs rw 2 2
/dev/mirror/p3.eli none swap sw 0 0
/dev/mirror/p4.eli / ufs rw 1 1
# After the installation, replace /mnt/boot with /boot2 in /etc/fstab
# Then add to /etc/rc.conf (-d: detach on last close, -l 256: 256-bit key):
geli_swap_flags="-d -l 256"
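
Added example, not part of the original gist: a POSIX sh check that the loader.conf and post-install fstab written above really put root and swap on geli (.eli) providers and load both GEOM classes at boot. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the gist: audit the two files the install edits.
# Function names and the sample files are constructed for illustration.

# Print the value assigned to key $2 in loader.conf-style file $1.
loader_value() {
    awk -v k="$2" 'index($0, k "=") == 1 {
        v = substr($0, length(k) + 2); gsub(/"/, "", v); last = v }
        END { print last }' "$1"
}

# Return 0 only if both GEOM classes load at boot and root is a geli provider.
check_loader() {
    rc=0
    for k in geom_mirror_load geom_eli_load; do
        [ "$(loader_value "$1" "$k")" = "YES" ] || { echo "loader.conf: $k is not YES"; rc=1; }
    done
    case "$(loader_value "$1" vfs.root.mountfrom)" in
        ufs:/dev/*.eli) ;;
        *) echo "loader.conf: vfs.root.mountfrom is not a .eli device"; rc=1 ;;
    esac
    return "$rc"
}

# Return 0 only if / and every swap entry in fstab $1 sit on a .eli device.
check_fstab() {
    awk '/^[ \t]*#/ || NF == 0 { next }
        $2 == "/" { root = 1 }
        ($2 == "/" || $3 == "swap") && $1 !~ /\.eli$/ {
            print "fstab: " $1 " is not a .eli device"; bad = 1 }
        END { if (!root) { print "fstab: no / entry"; bad = 1 }; exit bad + 0 }' "$1"
}

# Constructed samples: the gist's files, plus an fstab with plaintext swap.
write_samples() {
    printf '%s\n' 'geom_mirror_load="YES"' 'geom_eli_load="YES"' \
        'vfs.root.mountfrom="ufs:/dev/mirror/p4.eli"' > "$1/loader.conf"
    printf '%s\n' '/dev/mirror/p2 /boot2 ufs rw 2 2' \
        '/dev/mirror/p3.eli none swap sw 0 0' \
        '/dev/mirror/p4.eli / ufs rw 1 1' > "$1/fstab.good"
    sed 's|p3\.eli|p3|' "$1/fstab.good" > "$1/fstab.weak"
}

d=$(mktemp -d) && write_samples "$d"
check_loader "$d/loader.conf" && echo "loader.conf: ok"
check_fstab "$d/fstab.good" && echo "fstab.good: ok"
check_fstab "$d/fstab.weak" || echo "fstab.weak: rejected"
```

On an installed system, point check_loader at /boot/loader.conf and check_fstab at /etc/fstab.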
alexkay commented Apr 23, 2016

@Barmy, thank you for suggesting the edits, all done!
