Subject: Re: initramfs - CGD root
To: Lubomir Sedlacik <salo@Xtrmntr.org>
From: Jan Danielsson <jan.m.danielsson@gmail.com>
List: netbsd-users
Date: 07/01/2007 01:18:21

Lubomir Sedlacik wrote:
>>> Quick question. Is it at all possible to boot NetBSD from a USB
>>> memory key? If so, is it possible to do so that I can boot from it, then
>>> remove it once the system is running?
>>>
>>> As you have (probably) already gathered, I want to encrypt /, and I'd
>>> like to physically separate the key from the hard drive.
>> Theoretically it should be possible to use md(4) to create
>> a minimal environment with an /etc/rc that configures a cgd,
>> mounts it over / and jumpstarts the new /etc/rc.
>> I've been meaning to try that approach when I get around to
>> upgrading my laptop.
> 
> I am using such a setup for more than two years now so I would be tempted
> to say it is possible.

   Ok, let me ask you if I have understood the theory.

   First, you build a kernel with the options:

options	MEMORY_DISK_HOOKS
options	MEMORY_DISK_IS_ROOT

   Then:

   $ dd if=/dev/zero of=myroot.img bs=<somesize> count=<somesize>

   .. mount myroot.img to vnd0, or something...

   .. create a file system in the file myroot.img ..

   .. copy the essential initialization files to the new image ..

   .. configure /etc ..

   .. run mdsetimage netbsd myroot.img ...

   As far as I have gathered, this is basically all I need to start it
up. I just need to make my memory key bootable (which I have been able
to do previously, if memory serves me correctly).

   The part I don't understand is what Tobias explains as: "a minimal
environment with an /etc/rc that configures a cgd, mounts it over / and
jumpstarts the new /etc/rc."

   Is it possible to "switch over" a root from one device to another?
(In this case, the memory disk, to a cgd0 device).

   Also, I assume there will be some "memory wastage" even if switching
roots works, because the memory disk can not be freed? (Though I don't
even know how/where it is allocated).


- --
Kind regards,
Jan Danielsson

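
The image-building steps sketched in the message above, written out as an added example that is not part of the original post. It assumes a staging directory (hypothetical `./stage`) that already holds the init files and the configured `/etc`, and that `vnd0` and `/mnt` are free; it only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: build a memory-disk root image and embed it in a kernel.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them (NetBSD, as root).
# Usage: build_md_root myroot.img 4096 ./stage netbsd
: "${DRY_RUN:=1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

build_md_root() {
    img=$1        # image file to create
    size_kb=$2    # image size in KiB; the kernel's reserved memory-disk
                  # space must be at least this large or mdsetimage fails
    stage=$3      # assumed: directory with the minimal root tree
    kernel=$4     # kernel built with MEMORY_DISK_HOOKS / MEMORY_DISK_IS_ROOT
    vnd=${5:-vnd0}
    mnt=${6:-/mnt}
    rc=0

    run dd if=/dev/zero of="$img" bs=1k count="$size_kb" || return 1
    run vnconfig "$vnd" "$img" || return 1

    # Create the file system and populate it; always unmount and
    # unconfigure afterwards so a failed copy leaves nothing attached.
    run newfs "/dev/r${vnd}a" &&
    run mount "/dev/${vnd}a" "$mnt" &&
    { run cp -Rp "$stage/." "$mnt/" || rc=1; run umount "$mnt"; } || rc=1
    run vnconfig -u "$vnd"

    # Embed the image only if every earlier step succeeded.
    [ "$rc" = 0 ] && run mdsetimage "$kernel" "$img"
}
```

Any cgd parameters file or key material copied into the staging directory ends up inside the kernel image, so the resulting kernel file is as sensitive as the key itself.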