Re: UEFI and cgd

[Alexander Nasonov <alnsn%yandex.ru@localhost>]

Stephan Marwedel wrote:
> I have a working installation of NetBSD 8.0 with CGD configured on a i386
> machine.
> 
> I have recently switch to a more modern machine which only boots using UEFI.
> 
> I managed to install NetBSD 8.0 with the instructions provide in the Wiki.
> 
> Question: How to configure this installation for full disk encryption with
> CGD?
> 
> On my i386 box I have only one partition or wedge for the whole system.
> Within that partition I created a small root partition that is not encrypted
> and a CGD device that holds the rest of the system. As I understood from the
> UEFI documentation, I need to create several partitions or wedges, e,g.
> root, usr, home and swap and prepare them for installation. Do I need to
> create just two partitions, one for root and one for CGD for full disk
> encryption? How to I tell the installer to install the system on the CGD?
> 
> Currently, I can only install the system on an unencrypted disk. I was not
> successful so far with CGD.

It's not only you, I tried to install a fully encrypted system with
sysinst several times but it never worked. I sticked to a manual
installation.

I usually tweak cgdroot.rc in the tree and use a custom cgdroot.kmod.
I also create a small ffs partition for cgd configs (/etc/cgd/*
files) but it should be possible to store them in efi partition
(not sure about the kernel, though).  The rest of the disk is one
big cgd wedge.

-- 
Alex