diff --git a/content/posts/uefi-full-disk-encryption.md b/content/posts/uefi-full-disk-encryption.md index 4170916..cbd79bd 100644 --- a/content/posts/uefi-full-disk-encryption.md +++ b/content/posts/uefi-full-disk-encryption.md @@ -23,7 +23,7 @@ It has been a painful experience, full of bugs and kernel panics. I've post some of them in the Fediverse. Like [here](https://mastodon.bsd.cafe/@release_candidate/112520904317829098) and [here](https://mastodon.bsd.cafe/@release_candidate/112128737628556050). -One of the weakest point that I've seen in NetBSD is the installer. +One of the weakest points that I've seen in NetBSD is the installer. If you need a simple installation it just works ™. But as soon as you need some complex setup, like RAID mixed with encrypted partitions, or something similar, the installer is subpar. You will face some segfault from the installer, a kernel panic or another surprise. @@ -39,7 +39,7 @@ Now, even today I have no idea how to have actual full disk encryption with NetB I've seen [a wonderful tutorial for full-disk encryption for MBR-based systems](https://www.unitedbsd.com/d/461-netbsd-full-disk-encryption-with-cgd), but not for UEFI. And my laptop doesn't really like to boot in old MBR mode. -Following the [documentation of CGD drives](https://www.netbsd.org/docs/guide/en/chap-cgd.html#chap-cgd-example) and [the documentation on UEFI installations](https://wiki.netbsd.org/Installation_on_UEFI_systems/), I have a semi-full disk encryption. +Following the [documentation on CGD drives](https://www.netbsd.org/docs/guide/en/chap-cgd.html#chap-cgd-example) and [the documentation on UEFI installations](https://wiki.netbsd.org/Installation_on_UEFI_systems/), I have a semi-full disk encryption. With plain-text root file-system, and encrypted `/home`, `/usr`, `/var` and swap. So, without further complaints, this is the way I have some disk encryption in UEFI systems with NetBSD. 
@@ -340,7 +340,8 @@ wscons=YES `rc_configured=YES` is important, otherwise the system will always boot in single-user mode. These are the variables I use for a new system. -For example, my network device is `wm0`, +For example, my network device is `wm0`. +And this example hostname is `marte.local`. Your network card and requirements may be different. # Unmount and reboot @@ -373,7 +374,7 @@ In the new system you may need to change root password: # passwd ``` -Install pkgin: +Install pkgin. ``` PATH="/usr/pkg/sbin:/usr/pkg/bin:$PATH" @@ -383,14 +384,14 @@ PKG_PATH="http://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/10.0/All/" # pkg_add pkgin ``` -And add a new user: +And add a new user. ``` # useradd -m -G wheel -k /etc/skel vsis ``` -And, of course RTFM: +And, of course, RTFM. ``` # man afterboot
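Review bot: In the hunk at @@ -23,7 +23,7, the context line just above the corrected sentence still reads "I've post some of them in the Fediverse", the same kind of grammar slip this commit fixes one line later. Suggest changing it to "I've posted some of them" in the same pass, and joining the trailing fragment "Like [here] and [here]." to that sentence.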
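Review bot: In the hunk at @@ -39,7 +39,7, the changed sentence is followed by the fragment "With plain-text root file-system, and encrypted `/home`, `/usr`, `/var` and swap.", which is the main security caveat of the post but is easy to read past. Suggest merging it into the preceding sentence and stating plainly that everything kept on the root file system stays unencrypted, so readers know what "semi-full disk encryption" leaves unprotected.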
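Review bot: The added line "And this example hostname is `marte.local`." in the hunk at @@ -340,7 +340,8 reads awkwardly, and the context line after it, "Your network card and requirements may be different.", still only names the network card. Suggest "The hostname in this example is `marte.local`." and widening the closing sentence to cover the hostname as well, so readers replace both values.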
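Review bot: Changing "Install pkgin:" to "Install pkgin." in the hunk at @@ -373,7 +374,7 drops the colon that told the reader the fenced block below is the command for that step. The colon is the usual lead-in before a code block; suggest keeping it here, and likewise for the two similar changes in the next hunk, or rephrasing to a full sentence such as "Install pkgin with:".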
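Review bot: The `PKG_PATH` line shown in the header context of the hunk at @@ -383,14 +384,14 uses an `http://` URL, so the `# pkg_add pkgin` step below it fetches the package manager over an unauthenticated transport on a machine the post is setting up for disk encryption. Since this commit already touches the section, consider switching the URL to `https://` if the mirror serves it. A short sentence explaining why `useradd -m -G wheel` places the new user in `wheel` would also help readers decide whether they want that.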