Compare commits

..

No commits in common. "1a6c83140a01657d2b91d2e47494bd02b5d10f4b" and "2dd946d030802ac33140e3d7488ae103e090c6f6" have entirely different histories.

View file

@ -23,8 +23,8 @@ It has been a painful experience, full of bugs and kernel panics.
I've post some of them in the Fediverse.
Like [here](https://mastodon.bsd.cafe/@release_candidate/112520904317829098) and [here](https://mastodon.bsd.cafe/@release_candidate/112128737628556050).
One of the weakest points that I've seen in NetBSD is the installer.
If you need a simple installation *it just works* ™.
One of the weakest point that I've seen in NetBSD is the installer.
If you need a simple installation it just works ™.
But as soon as you need some complex setup, like RAID mixed with encrypted partitions, or something similar, the installer is subpar.
You will face some segfault from the installer, a kernel panic or another surprise.
@ -39,7 +39,7 @@ Now, even today I have no idea how to have actual full disk encryption with NetB
I've seen [a wonderful tutorial for full-disk encryption for MBR-based systems](https://www.unitedbsd.com/d/461-netbsd-full-disk-encryption-with-cgd), but not for UEFI.
And my laptop doesn't really like to boot in old MBR mode.
Following the [documentation on CGD drives](https://www.netbsd.org/docs/guide/en/chap-cgd.html#chap-cgd-example) and [the documentation on UEFI installations](https://wiki.netbsd.org/Installation_on_UEFI_systems/), I have a semi-full disk encryption.
Following the [documentation of CGD drives](https://www.netbsd.org/docs/guide/en/chap-cgd.html#chap-cgd-example) and [the documentation on UEFI installations](https://wiki.netbsd.org/Installation_on_UEFI_systems/), I have a semi-full disk encryption.
With plain-text root file-system, and encrypted `/home`, `/usr`, `/var` and swap.
So, without further complaints, this is the way I have some disk encryption in UEFI systems with NetBSD.
@ -299,8 +299,8 @@ Now I edit fstab to mount the CGD partitions.
```
# vi /targetroot/etc/fstab
```
```
# cat /targetroot/etc/fstab
# NetBSD /etc/fstab
# See /usr/share/examples/fstab/ for more examples.
NAME=NetBSD / ffs rw 1 1
@ -322,8 +322,8 @@ The file rc.confg also needs to be edited
```
# vi /targetroot/etc/rc.conf
```
```
rc_configured=YES
# Add local overrides below.
@ -340,8 +340,7 @@ wscons=YES
`rc_configured=YES` is important, otherwise the system will always boot in single-user mode.
These are the variables I use for a new system.
For example, my network device is `wm0`.
And this example hostname is `marte.local`.
For example, my network device is `wm0`,
Your network card and requirements may be different.
# Unmount and reboot
@ -374,7 +373,7 @@ In the new system you may need to change root password:
# passwd
```
Install pkgin.
Install pkgin:
```
PATH="/usr/pkg/sbin:/usr/pkg/bin:$PATH"
@ -384,14 +383,14 @@ PKG_PATH="http://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/10.0/All/"
# pkg_add pkgin
```
And add a new user.
And add a new user:
```
# useradd -m -G wheel -k /etc/skel vsis
```
And, of course, RTFM.
And, of course RTFM:
```
# man afterboot
@ -403,8 +402,4 @@ This is the method I use to install a semi-full disk encrypted NetBSD system.
I may add RAID devices, LVM, multiple disks, etc.
Then mount everything under `/targetroot` and extract the sets.
The restriction is in the root file-system.
It needs to be in plain-text and in a regular partition.
It seems to me that rootfs in CGD or LVM is not well supported.
I may be biased by [the Arch way](https://wiki.archlinux.org/title/installation_guide) to install the system, but I find this method better than the installer.