Re: cgd on root
Jan Danielsson-3 wrote:
> Hello all,
> I have a new laptop, on which I want to use a cgd'd root. I assumed I
> would run into the same problems I encountered on my other computer, and
> I was right (see PR 36963). In fact, it was even worse -- I couldn't
> even get it to create multiple ttyE's; I was stuck with the console.
> Installing without init.root makes the system a lot more useful. (Both
> systems are running NetBSD/amd64 4.0).
> So, it's pretty obvious what I need to do: I need to implement an
> alternative way of getting cgd on root (or, rather, root on cgd).
> I've been reading source code for the last couple of days, to get an
> idea of where to start.
> This is what I am thinking.
> The following are added to the kernel-config:
> option CGD_IS_ROOT
> option CGDROOT_HW_DEV wd0a
> option CGDROOT_DEV cgd0
> option CGDROOT_PARAMFILE rootkey0
> So, what does this mean? The first option is straightforward. The
> second tells the kernel which slice contains the cgd'd root. The
> third the cgd device, and the fourth requires some explaining.
> The big question is where to store the cgd parameter file. My goal is
> to be able to boot from a USB memory stick. It should contain the
> kernel I boot from, and the parameter file, so I have a separation
> between the hard drive containing the root, and the parameter file.
> But how do I read the parameter file without a root file system? (I
> don't want to have to mount root on the memory key, because then I'd be
> stuck with it, afaict. And a memory disk would just lead to the troubles
> of init.root.) I was thinking about sticking the parameter file in a
> kernel device. Something like "mdsetimage", but which stores an
> arbitrary file in a kernel image.
> makekerndevfile <kernel> <devname> <filename>
> # makekerndevfile netbsd rootkey0 ~/rootkey.cgd
> When the kernel boots, it can access the contents of the file as a
> device (rootkey0), without using a filesystem. I'm not particularly fond
> of this idea, to be honest, but it'll get the work done.
> I got the tip, on IRC, to look into using property lists for storing
> the parameter file. Is this a route I should look into more? What files
> are relevant to read if I want to understand more about them?
> The problems, as far as I can see:
> 1) N-factor keys won't be supported (easily).
> 2) Hardcoding root to be located on the 'a'-slice in the cgd-device
> maybe isn't the neatest of solutions, but it'll do for now.
> 3) Recursive cgd container configurations aren't supported (are they
> Come to think of it, it would be much better if CGD_IS_ROOT,
> CGDROOT_HW_DEV, CGDROOT_DEV, CGDROOT_PARAMFILE could simply use the
> "config netbsd root on ? type ?" configuration specification in some
> config netbsd root on cgd0a
> Hmm.. I need to look into that.
> Ideas, hints, tips, requests are very welcome.
> Questions will surely follow.
> Kind regards,
> Jan Danielsson
If you want to protect /root only, why not create a symlink for root "ln -s
/home/root /root"? /home is in cgd of course. It works.