Compare commits
2 commits
2dd946d030...1a6c83140a

Author | SHA1 | Date
---|---|---
 | 1a6c83140a |
 | 9ec83035d4 |
1 changed files with 16 additions and 11 deletions
|
@ -23,8 +23,8 @@ It has been a painful experience, full of bugs and kernel panics.
|
||||||
I've post some of them in the Fediverse.
|
I've post some of them in the Fediverse.
|
||||||
Like [here](https://mastodon.bsd.cafe/@release_candidate/112520904317829098) and [here](https://mastodon.bsd.cafe/@release_candidate/112128737628556050).
|
Like [here](https://mastodon.bsd.cafe/@release_candidate/112520904317829098) and [here](https://mastodon.bsd.cafe/@release_candidate/112128737628556050).
|
||||||
|
|
||||||
One of the weakest point that I've seen in NetBSD is the installer.
|
One of the weakest points that I've seen in NetBSD is the installer.
|
||||||
If you need a simple installation it just works ™.
|
If you need a simple installation *it just works* ™.
|
||||||
But as soon as you need some complex setup, like RAID mixed with encrypted partitions, or something similar, the installer is subpar.
|
But as soon as you need some complex setup, like RAID mixed with encrypted partitions, or something similar, the installer is subpar.
|
||||||
You will face some segfault from the installer, a kernel panic or another surprise.
|
You will face some segfault from the installer, a kernel panic or another surprise.
|
||||||
|
|
||||||
|
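Review bot: The unchanged context line "I've post some of them in the Fediverse." at the top of this hunk still has the wrong participle. Since the same hunk already corrects "weakest point" to "weakest points", change it to "I've posted some of them" in this commit as well. "You will face some segfault" at the end of the hunk would also read better as "a segfault".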
@ -39,7 +39,7 @@ Now, even today I have no idea how to have actual full disk encryption with NetB
|
||||||
I've seen [a wonderful tutorial for full-disk encryption for MBR-based systems](https://www.unitedbsd.com/d/461-netbsd-full-disk-encryption-with-cgd), but not for UEFI.
|
I've seen [a wonderful tutorial for full-disk encryption for MBR-based systems](https://www.unitedbsd.com/d/461-netbsd-full-disk-encryption-with-cgd), but not for UEFI.
|
||||||
And my laptop doesn't really like to boot in old MBR mode.
|
And my laptop doesn't really like to boot in old MBR mode.
|
||||||
|
|
||||||
Following the [documentation of CGD drives](https://www.netbsd.org/docs/guide/en/chap-cgd.html#chap-cgd-example) and [the documentation on UEFI installations](https://wiki.netbsd.org/Installation_on_UEFI_systems/), I have a semi-full disk encryption.
|
Following the [documentation on CGD drives](https://www.netbsd.org/docs/guide/en/chap-cgd.html#chap-cgd-example) and [the documentation on UEFI installations](https://wiki.netbsd.org/Installation_on_UEFI_systems/), I have a semi-full disk encryption.
|
||||||
With plain-text root file-system, and encrypted `/home`, `/usr`, `/var` and swap.
|
With plain-text root file-system, and encrypted `/home`, `/usr`, `/var` and swap.
|
||||||
|
|
||||||
So, without further complaints, this is the way I have some disk encryption in UEFI systems with NetBSD.
|
So, without further complaints, this is the way I have some disk encryption in UEFI systems with NetBSD.
|
||||||
|
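Review bot: "With plain-text root file-system, and encrypted `/home`, `/usr`, `/var` and swap." is a sentence fragment left untouched right after the line this hunk corrects. Join it to the previous sentence ("... I have a semi-full disk encryption, with a plain-text root file-system and encrypted `/home`, `/usr`, `/var` and swap.") and drop the article in "a semi-full disk encryption", so the description of what is and is not encrypted reads as one statement.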
@ -299,8 +299,8 @@ Now I edit fstab to mount the CGD partitions.
|
||||||
|
|
||||||
```
|
```
|
||||||
# vi /targetroot/etc/fstab
|
# vi /targetroot/etc/fstab
|
||||||
|
```
|
||||||
# cat /targetroot/etc/fstab
|
```
|
||||||
# NetBSD /etc/fstab
|
# NetBSD /etc/fstab
|
||||||
# See /usr/share/examples/fstab/ for more examples.
|
# See /usr/share/examples/fstab/ for more examples.
|
||||||
NAME=NetBSD / ffs rw 1 1
|
NAME=NetBSD / ffs rw 1 1
|
||||||
|
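Review bot: Removing the `# cat /targetroot/etc/fstab` line leaves the second code block with nothing that says it is the contents of the file rather than more commands, and the new closing and opening fences now sit on adjacent lines. Put a blank line and a short sentence between the two blocks, for example "The resulting file:", so the listing that starts at `# NetBSD /etc/fstab` is identified for the reader.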
@ -322,8 +322,8 @@ The file rc.confg also needs to be edited
|
||||||
|
|
||||||
```
|
```
|
||||||
# vi /targetroot/etc/rc.conf
|
# vi /targetroot/etc/rc.conf
|
||||||
|
```
|
||||||
|
```
|
||||||
rc_configured=YES
|
rc_configured=YES
|
||||||
|
|
||||||
# Add local overrides below.
|
# Add local overrides below.
|
||||||
|
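Review bot: The sentence shown in this hunk's header, "The file rc.confg also needs to be edited", misspells the file name. Correct it to `rc.conf` while this section is being touched, since the command below it edits `/targetroot/etc/rc.conf`. As in the fstab hunk, the split leaves two fences on adjacent lines with no sentence introducing the file contents.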
@ -340,7 +340,8 @@ wscons=YES
|
||||||
`rc_configured=YES` is important, otherwise the system will always boot in single-user mode.
|
`rc_configured=YES` is important, otherwise the system will always boot in single-user mode.
|
||||||
|
|
||||||
These are the variables I use for a new system.
|
These are the variables I use for a new system.
|
||||||
For example, my network device is `wm0`,
|
For example, my network device is `wm0`.
|
||||||
|
And this example hostname is `marte.local`.
|
||||||
Your network card and requirements may be different.
|
Your network card and requirements may be different.
|
||||||
|
|
||||||
# Unmount and reboot
|
# Unmount and reboot
|
||||||
|
@ -373,7 +374,7 @@ In the new system you may need to change root password:
|
||||||
# passwd
|
# passwd
|
||||||
```
|
```
|
||||||
|
|
||||||
Install pkgin:
|
Install pkgin.
|
||||||
|
|
||||||
```
|
```
|
||||||
PATH="/usr/pkg/sbin:/usr/pkg/bin:$PATH"
|
PATH="/usr/pkg/sbin:/usr/pkg/bin:$PATH"
|
||||||
|
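Review bot: "Install pkgin." now ends in a period before its code block, but the sentence in this hunk's header, "In the new system you may need to change root password:", still ends in a colon before its block. Pick one style for sentences that introduce a code block and apply it throughout the file.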
@ -383,14 +384,14 @@ PKG_PATH="http://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/10.0/All/"
|
||||||
# pkg_add pkgin
|
# pkg_add pkgin
|
||||||
```
|
```
|
||||||
|
|
||||||
And add a new user:
|
And add a new user.
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
# useradd -m -G wheel -k /etc/skel vsis
|
# useradd -m -G wheel -k /etc/skel vsis
|
||||||
```
|
```
|
||||||
|
|
||||||
And, of course RTFM:
|
And, of course, RTFM.
|
||||||
|
|
||||||
```
|
```
|
||||||
# man afterboot
|
# man afterboot
|
||||||
|
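Review bot: The context line in this hunk's header sets `PKG_PATH` to an `http://` URL, and the next visible command is `# pkg_add pkgin` run as root, so the package is fetched over an unauthenticated transport. Consider changing the scheme to `https://` if the mirror serves it, or add a sentence on how the download is verified. Separately, the `useradd -m -G wheel -k /etc/skel vsis` block puts the new account in `wheel` but no `passwd vsis` step is visible before the text moves on to `man afterboot`; add one or say where the password is set.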
@ -402,4 +403,8 @@ This is the method I use to install a semi-full disk encrypted NetBSD system.
|
||||||
I may add RAID devices, LVM, multiple disks, etc.
|
I may add RAID devices, LVM, multiple disks, etc.
|
||||||
Then mount everything under `/targetroot` and extract the sets.
|
Then mount everything under `/targetroot` and extract the sets.
|
||||||
|
|
||||||
|
The restriction is in the root file-system.
|
||||||
|
It needs to be in plain-text and in a regular partition.
|
||||||
|
It seems to me that rootfs in CGD or LVM is not well supported.
|
||||||
|
|
||||||
I may be biased by [the Arch way](https://wiki.archlinux.org/title/installation_guide) to install the system, but I find this method better than the installer.
|
I may be biased by [the Arch way](https://wiki.archlinux.org/title/installation_guide) to install the system, but I find this method better than the installer.
|
||||||
|
|
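Review bot: The added closing lines state that the root file-system "needs to be in plain-text and in a regular partition" but stop short of saying what that leaves exposed. Add one sentence noting that everything on the root file-system, `/etc` included since only `/home`, `/usr`, `/var` and swap are on CGD, remains readable and modifiable by anyone with access to the disk, so the setup protects the data on the encrypted partitions but not the boot path. "It seems to me that rootfs in CGD or LVM is not well supported" would also be stronger with a link to whatever documentation or report the impression is based on.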