diff --git a/content/posts/uefi-full-disk-encryption.md b/content/posts/uefi-full-disk-encryption.md index cbd79bd..c92f860 100644 --- a/content/posts/uefi-full-disk-encryption.md +++ b/content/posts/uefi-full-disk-encryption.md @@ -24,7 +24,7 @@ I've post some of them in the Fediverse. Like [here](https://mastodon.bsd.cafe/@release_candidate/112520904317829098) and [here](https://mastodon.bsd.cafe/@release_candidate/112128737628556050). One of the weakest points that I've seen in NetBSD is the installer. -If you need a simple installation it just works ™. +If you need a simple installation *it just works* ™. But as soon as you need some complex setup, like RAID mixed with encrypted partitions, or something similar, the installer is subpar. You will face some segfault from the installer, a kernel panic or another surprise. @@ -299,8 +299,8 @@ Now I edit fstab to mount the CGD partitions. ``` # vi /targetroot/etc/fstab - -# cat /targetroot/etc/fstab +``` +``` # NetBSD /etc/fstab # See /usr/share/examples/fstab/ for more examples. NAME=NetBSD / ffs rw 1 1 @@ -322,8 +322,8 @@ The file rc.confg also needs to be edited ``` # vi /targetroot/etc/rc.conf - - +``` +``` rc_configured=YES # Add local overrides below. @@ -403,4 +403,8 @@ This is the method I use to install a semi-full disk encrypted NetBSD system. I may add RAID devices, LVM, multiple disks, etc. Then mount everything under `/targetroot` and extract the sets. +The restriction is in the root file-system. +It needs to be in plain-text and in a regular partition. +It seems to me that rootfs in CGD or LVM is not well supported. + I may be biased by [the Arch way](https://wiki.archlinux.org/title/installation_guide) to install the system, but I find this method better than the installer.