-*- Mode: Outline -*- BSD on a MacBook, take 2, 2011-02-20. * Plan A [Problem: I can't get the MacBook to boot NetBSD from an external disk.] USB drive with rEFIt and a vanilla NetBSD 5.1 installation, and a /netbsd.ramdisk set to be the default in boot.cfg, containing /etc/cgd/cgd.conf /etc/cgd/dk3 /etc/rc /mnt /sbin/cgdconfig /sbin/init /sbin/mount_ffs /sbin/mount_null /sbin/sysctl ** /etc/rc #!/bin/sh set -eu /sbin/cgdconfig -C /sbin/mount_ffs /dev/cgd1a /mnt /sbin/sysctl -w init.root=/mnt * Plan B [This is kinda silly -- it doesn't work against an evil maid.] Install NetBSD in an 80 GB GPT partition as a Xen dom0 with cgd on `root' using the init.root hack. Partition 0, 1 GB: efi Partition 1, 2 GB: swap (cgd0) Partition 2, 1 GB: noberon-root /boot.cfg /dev/* /etc/cgd/cgd.conf /etc/cgd/dk3 /etc/rc /mnt /netbsd /rescue/* Partition 3, 79 GB: noberon (cgd1) cgd1a: / cgd1e: /var cgd1f: /var/chroot cgd1g: /pkg cgd1h: /home Partition 4, &c.: other operating systems ** /etc/rc #!/bin/sh set -eu /sbin/cgdconfig cgd1 /dev/dk3 /sbin/mount_ffs /dev/cgd1a /mnt /sbin/sysctl -w init.root=/mnt ** Execution *** Step 1: Set up the GPT Why? The MacBook's firmware wants the disk to be formatted with a GPT. FIXME: Who cares, exactly? What part of EFI is involved? Let the target disk be sd0. (Boot the MacBook in Target Disk Mode, or take the disk out and put it in a generic USB enclosure, or whatever.) Delete any existing wedges that NetBSD has autodiscovered: # dkctl sd0 listwedges /dev/rsd0d: 3 wedges: dk0: ... dk1: ... dk2: ... # dkctl sd0 delwedge dk0 # dkctl sd0 delwedge dk1 # dkctl sd0 delwedge dk2 Nuke any existing MBR or GPT: # dd if=/dev/zero of=/dev/rsd0d bs=512 count=1024 1024+0 records in 1024+0 records out 524288 bytes transferred in 1.317 secs (398092 bytes/sec) The GPT is not yet gone because of a secondary GPT at the end of the disk: # gpt show sd0 start size index contents 0 976773135 976773135 32 Sec GPT table 976773167 1 Sec GPT header Nuke the secondary GPT: # dd if=/dev/zero of=/dev/rsd0d bs=512 seek=976773135 count=33 33+0 records in 33+0 records out 16896 bytes transferred in 0.034 secs (496941 bytes/sec) Confirm that the GPT is gone: # gpt show sd0 start size index contents 0 976773168 Create a GPT. I set LD_PRELOAD to a library that replaces uuidgen by a procedure that randomly generates version 4 UUIDs, rather than the kernel's uuidgen which generates them based on the local MAC address. # export LD_PRELOAD=/home/riastradh/misc/hacks/libuuidgen/libuuidgen.so # gpt create sd0 # gpt show sd0 start size index contents 0 1 PMBR 1 1 Pri GPT header 2 32 Pri GPT table 34 976773101 976773135 32 Sec GPT table 976773167 1 Sec GPT header Reserve the first gigabyte of the disk for EFI garbage (e.g., to play with rEFIt if desired). One gigabyte is 2097152 512-byte sectors. It starts at sector 34, so the total size will be 2097118 sectors. Name it `efi' for future reference. The indices start at 1. Use `gpt show sd0' if you forget where you are. # echo '1024 1024 1024 * * 512 / 34 - p q' | dc 2097118 # gpt add -s 2097118 -t efi sd0 Partition added, use: dkctl rsd0d addwedge dk 34 2097118 to create a wedge for it # gpt label -i 1 -l efi sd0 partition 1 on rsd0d labeled efi Reserve the next two gigabytes of the disk for swap space: enough for a full-memory core dump on a system with 2 GB RAM. Two gigabytes is 4194304 512-byte sectors. Label it `swap'. # echo '1024 1024 1024 2 * * * 512 / p q' | dc 4194304 # gpt add -s 4194304 -t swap sd0 Partition added, use: dkctl rsd0d addwedge dk 2097152 4194304 to create a wedge for it # gpt label -i 2 -l swap sd0 partition 2 on rsd0d labeled swap WARNING: Because this is labelled swap, NetBSD will dump here automatically unless you instruct it not to. The dump may include sensitive key material or pass phrases. Label it `cgd' rather than `swap' to avoid this. Reserve a gigabyte for an unencrypted root file system. # echo '1024 1024 1024 * * 512 / p q' | dc 2097152 # gpt add -s 2097152 -t ufs sd0 Partition added, use: dkctl rsd0d addwedge dk 6291456 2097152 to create a wedge for it # gpt label -i 3 -l noberon-root sd0 parition 3 on rsd0d labeled noberon-root Reserve another seventy-nine gigabytes for the rest of NetBSD in one big cgd. # echo '1024 1024 1024 79 * * * 512 / p q' | dc 165675008 # gpt add -s 165675008 -t cgd sd0 Partition added, use: dkctl rsd0d addwedge dk 8388608 165675008 to create a wedge for it # gpt label -i 4 -l noberon sd0 parition 4 on rsd0d labeled noberon Show the GPT. # gpt show sd0 start size index contents 0 1 PMBR 1 1 Pri GPT header 2 32 Pri GPT table 34 2097118 1 GPT part - EFI System 2097152 4194304 2 GPT part - NetBSD swap 6291456 2097152 3 GPT part - NetBSD UFS/UFS2 8388608 165675008 4 GPT part - NetBSD Cryptographic Disk 174063616 802709519 976773135 32 Sec GPT table 976773167 1 Sec GPT header Zero the EFI system partition and scrub the swap partition, just in case. # dd if=/dev/zero of=/dev/rsd0d bs=512 seek=34 count=2097118 # dd if=/dev/urandom of=/dev/rsd0d bs=512 seek=2097152 count=4194304 (This will take a while -- you can run it in the background, if you are sure you got all the numbers correct.) Now unplug the disk and plug it back in again, in order to make NetBSD autodiscover dkwedges. Assume the efi partition becomes dk0; the swap partition, dk1; noberon-root, dk2; and noberon, dk3. *** Step 2: Master Boot Record (fdisk) Why? Boot Camp wants the disk to be formatted with an MBR -- in fact, with an MBR that is bogus according to the GPT specification, which demands a single MBR entry covering the whole disk, or the first two terabytes if it is larger since the MBR can't handle >2TB disks, with the GPT Protective MBR sysid, #xee/238 (FIXME: citation, other than Wikipedia?). Edit the MBR to point at the bootable (unencrypted) root file system partition. There are some tools to do this (refit's gptsync, e.g.), but not on NetBSD. First show the MBR: # fdisk sd0 fdisk: Cannot determine the number of heads Disk: /dev/rsd0d NetBSD disklabel disk geometry: cylinders: 16383, heads: 16, sectors/track: 63 (1008 sectors/cylinder) total sectors: 976773168 BIOS disk geometry: cylinders: 1023, heads: 255, sectors/track: 63 (16065 sectors/cylinder) total sectors: 976773168 Partition table: 0: GPT Protective MBR (sysid 238) start 1, size 976773167 (476940 MB, Cyls 0/0/2-60801/80/63) PBR is not bootable: Bad magic number (0x0000) 1: 2: 3: No active partition. Change the GPT Protective MBR entry to cover only the GPT itself. This is necessary because the fdisk tool rejects overlapping MBR partitions. `-0' chooses the zeroth MBR entry; `-s 238/1/33' specifies the GPT Protective MBR sysid 238/#xee shown above, a start sector of 1, and a size of 33; `-i' installs NetBSD's boot code, so that the disk will be bootable; `-c /usr/mdec/mbr' selects the boot code without a boot menu (which doesn't work on the MacBook and which we don't need anyway unless multibooting); `-u' actually performs the update; and `-f' makes fdisk non-interactive. I believe the warning is harmless. # fdisk -0 -s 238/1/33 -i -c /usr/mdec/mbr -u -f sd0 fdisk: Cannot determine the number of heads Make an active partition for NetBSD (sysid 169/#xa9) with `-a': # fdisk -1 -s 169/6291456/2097152 -a -u -f sd0 Show the work: # fdisk sd0 Disk: /dev/rsd0d NetBSD disklabel disk geometry: cylinders: 16383, heads: 16, sectors/track: 63 (1008 sectors/cylinder) total sectors: 976773168 BIOS disk geometry: cylinders: 1024, heads: 255, sectors/track: 63 (16065 sectors/cylinder) total sectors: 976773168 Partition table: 0: GPT Protective MBR (sysid 238) start 1, size 33 (0 MB, Cyls 0/0/2-0/0/34) PBR is not bootable: Bad magic number (0x0000) 1: NetBSD (sysid 169) start 6291456, size 2097152 (1024 MB, Cyls 391/159/25-522/42/32), Active 2: 3: Bootselector enabled, timeout 10 seconds. First active partition: 1 Consider backing up this MBR, because if you install another operating system for multiboot operation (e.g., FreeBSD), it may scribble over the MBR. *** Step 3: NetBSD disklabel Is this necessary? Apparently not. (This section formerly advised the reader to make a disklabel for dk2, the unencrypted root file system partition, so that the boot loader would be happy with it.) *** Step 4: Configure cgd Generate a cgd parameters file: # cgdconfig -g -V ffs -o noberon.params aes-cbc 256 # cat noberon.params algorithm aes-cbc; iv-method encblkno1; keylength 256; verify_method ffs; keygen pkcs5_pbkdf2/sha1 { iterations 85177; salt ...; } Consider increasing the iteration count if the target machine is substantially faster than the one you're using. Configure a cgd for the noberon file system with a random key first, to scrub it. # cgdconfig cgd1 /dev/dk3 /dev/stdin < algorithm aes-cbc; > iv-method encblkno1; > keylength 256; > verify_method none; > keygen randomkey; > EOF This will take some time -- it has to write nearly eighty gigabytes of garbage to dk3. When done, unconfigure it: # cgdconfig -u cgd1 Use the real parameters file to configure a cgd for the noberon file system. Specify `-V re-enter' to override verifying the disk by looking for an FFS -- since we haven't mounted this yet, there's no FFS. # cgdconfig -V re-enter cgd1 /dev/dk3 ./noberon.params /dev/dk3's passphrase: re-enter device's passphrase: Print out the disklabel so we can edit it: # disklabel cgd1 > ./cgd1.disklabel Edit the disklabel to partition the seventy-nine gigabytes of cgd1. The setup will be: cgd1a, 2 GB for / cgd1e, 2 GB for /var cgd1f, 8 GB for /var/chroot cgd1g, 8 GB for /pkg cgd1h, 59 GB for /home The disklabel will be: type: cgd disk: cgd label: fictitious flags: bytes/sector: 512 sectors/track: 2048 tracks/cylinder: 1 sectors/cylinder: 2048 cylinders: 80896 total sectors: 165675008 rpm: 3600 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 # microseconds track-to-track seek: 0 # microseconds drivedata: 0 8 partitions: # size offset fstype [fsize bsize cpg/sgs] a: 4194304 0 4.2BSD 0 0 0 d: 165675008 0 unused 0 0 # (Cyl. 0 - 80895) e: 4194304 4194304 4.2BSD 0 0 0 f: 16777216 8388608 4.2BSD 0 0 0 g: 16777216 25165824 4.2BSD 0 0 0 h: 123731968 41943040 4.2BSD 0 0 0 Save it to ./cgd1.disklabel and write (`restore') the disklabel to cgd1: # disklabel -R cgd1 ./cgd1.disklabel *** Step 5: Set up the file systems Create the file systems: # newfs /dev/rdk2 /dev/rdk2: 1024.0MB (2097152 sectors) block size 16384, fragment size 2048 using 6 cylinder groups of 170.67MB, 10923 blks, 21504 inodes. super-block backups (for fsck_ffs -b #) at: 32, 349568, 699104, 1048640, 1398176, 1747712, # newfs /dev/rcgd1a /dev/rcgd1a: 2048.0MB (4194304 sectors) block size 16384, fragment size 2048 using 12 cylinder groups of 170.67MB, 10923 blks, 21504 inodes. super-block backups (for fsck_ffs -b #) at: 32, 349568, 699104, 1048640, 1398176, 1747712, 2097248, 2446784, 2796320, ............................................................................... # newfs /dev/rcgd1e /dev/rcgd1e: 2048.0MB (4194304 sectors) block size 16384, fragment size 2048 using 12 cylinder groups of 170.67MB, 10923 blks, 21504 inodes. super-block backups (for fsck_ffs -b #) at: 32, 349568, 699104, 1048640, 1398176, 1747712, 2097248, 2446784, 2796320, ............................................................................... # newfs /dev/rcgd1f /dev/rcgd1f: 8192.0MB (16777216 sectors) block size 16384, fragment size 2048 using 45 cylinder groups of 182.05MB, 11651 blks, 23040 inodes. super-block backups (for fsck_ffs -b #) at: 32, 372864, 745696, 1118528, 1491360, 1864192, 2237024, 2609856, 2982688, ............................................................................... # newfs /dev/rcgd1g /dev/rcgd1g: 8192.0MB (16777216 sectors) block size 16384, fragment size 2048 using 45 cylinder groups of 182.05MB, 11651 blks, 23040 inodes. super-block backups (for fsck_ffs -b #) at: 32, 372864, 745696, 1118528, 1491360, 1864192, 2237024, 2609856, 2982688, ............................................................................... # newfs /dev/rcgd1h /dev/rcgd1h: 60416.0MB (123731968 sectors) block size 16384, fragment size 2048 using 328 cylinder groups of 184.20MB, 11789 blks, 23296 inodes. super-block backups (for fsck_ffs -b #) at: 32, 377280, 754528, 1131776, 1509024, 1886272, 2263520, 2640768, 3018016, ............................................................................... Mount them, in order, making the mount points if necessary: # rump_ffs /dev/rdk2 /mnt # mkdir /mnt/mnt # rump_ffs /dev/rcgd1a /mnt/mnt # mkdir /mnt/mnt/var # rump_ffs /dev/rcgd1e /mnt/mnt/var # mkdir /mnt/mnt/var/chroot # rump_ffs /dev/rcgd1f /mnt/mnt/var/chroot # mkdir /mnt/mnt/pkg # rump_ffs /dev/rcgd1g /mnt/mnt/pkg # mkdir /mnt/mnt/home # rump_ffs /dev/rcgd1h /mnt/mnt/home Create /etc in the encrypted root where we can put an fstab: # mkdir -p /mnt/mnt/etc Now edit it: /dev/cgd0b none swap sw 0 0 /dev/cgd1a / ffs ro,log,noatime,nodevmtime 1 1 /dev/cgd1e /var ffs rw,log,noatime,nodev,nosuid 1 2 /dev/cgd1f /var/chroot ffs rw,log,noatime,nodevmtime 1 2 /dev/cgd1g /pkg ffs rw,log,noatime,nodev 1 2 /dev/cgd1h /home ffs rw,log,noatime,nodev,nosuid 1 2 /pkg/local /usr/local null ro /dev/cd0a /cdrom cd9660 ro,noauto kernfs /kern kernfs rw procfs /proc procfs rw # ptyfs is borked, particularly if null-mounted for a chroot: # #ptyfs /dev/pts ptyfs rw tmpfs /tmp tmpfs rw,-m1777,-s1G Make a few more mount points. Some are not necessary; /tmp is in base.tgz, for example. # mkdir -p /mnt/mnt/cdrom # mkdir -p /mnt/mnt/dev/pts # mkdir -p /mnt/mnt/kern # mkdir -p /mnt/mnt/mnt # mkdir -p /mnt/mnt/pkg/local # mkdir -p /mnt/mnt/proc # mkdir -p /mnt/mnt/tmp # mkdir -p /mnt/mnt/usr/local # chmod 1777 /mnt/mnt/tmp *** Step 6: Install sets The file systems are all ready now. Extract the sets: # cd /path/to/i386/binary/sets # for s in *.tgz; do echo $s; progress -z -f $s tar -C /mnt/mnt -xpf -; done base.tgz 100% |***********************************| 86350 KiB 953.56 KiB/s 00:00 ETA comp.tgz 100% |***********************************| 155 MiB 644.96 KiB/s 00:00 ETA etc.tgz 100% |***********************************| 1610 KiB 341.71 KiB/s 00:00 ETA games.tgz 100% |***********************************| 7600 KiB 1.11 MiB/s 00:00 ETA kern-GENERIC.tgz 100% |***********************************| 11640 KiB 7.42 MiB/s 00:00 ETA man.tgz 100% |***********************************| 51350 KiB 394.30 KiB/s 00:00 ETA misc.tgz 100% |***********************************| 12770 KiB 851.24 KiB/s 00:00 ETA tests.tgz 100% |***********************************| 8490 KiB 1.13 MiB/s 00:00 ETA text.tgz 100% |***********************************| 9850 KiB 818.53 KiB/s 00:00 ETA Run postinstall to make sure everything's kosher. It's a shell script, so we can just run it on the host. # /mnt/mnt/usr/sbin/postinstall -s /path/to/i386/binary/sets/etc.tgz -d /mnt/mnt check If anything goes wrong, fix it: # /mnt/mnt/usr/sbin/postinstall -s /path/to/i386/binary/sets/etc.tgz -d /mnt/mnt fix Run MAKEDEV to make the necessary device nodes, which are not part of any set by default (why not? waiting for devfs instead, I guess). # cd /mnt/mnt/dev # sh MAKEDEV all *** Step 7: Make it bootable Make dk2 -- where the unencrypted root file system resides -- bootable, by installing the primary and secondary boot loaders. # cp -p /mnt/mnt/usr/mdec/boot /mnt/. # installboot -v /dev/rdk2 /mnt/mnt/usr/mdec/bootxx_ffsv1 File system: /dev/rdk2 Primary bootstrap: /mnt/mnt/usr/mdec/bootxx_ffsv1 Boot options: timeout 5, flags 0, speed 9600, ioaddr 0, console pc Set up the minimal unencrypted root file system. We need the kernel in /netbsd, the userland utilities in /rescue, /boot.cfg for convenience: # cd /mnt/mnt # pax -rw -pe ./netbsd ./rescue ./boot.cfg /mnt/. pax has done the right thing and preserved the links in /rescue, rather than making a bazillion copies of the same file: # cd /mnt # ls -li rescue/init rescue/sysctl 21505 -r-xr-xr-x 153 root wheel 4406968 Feb 21 19:24 rescue/init 21505 -r-xr-xr-x 153 root wheel 4406968 Feb 21 19:24 rescue/sysctl Everything normally from /bin and /sbin, such as init and sh, is in /rescue, so just make a symlink: # ln -s rescue /mnt/bin # ln -s rescue /mnt/sbin init requires /dev to exist with a MAKEDEV script or populated with devices, so set that up: # mkdir /mnt/dev # cp -p /mnt/mnt/dev/MAKEDEV /mnt/mnt/dev/MAKEDEV.local /mnt/dev/. Run the MAKEDEV script to create the device nodes. Not strictly necessary, but init wants to do this anyway in a tmpfs if you don't do it now, so this saves a tiny amount of time and memory later. # cd /mnt/dev # sh MAKEDEV all Create /etc/rc so that init will know what to do: #!/bin/sh set -eu # Dance around the lack of `/rescue/cgdconfig -l'... # FIXME: Could use the hw.disknames sysctl instead. if ! /rescue/mount | /rescue/grep -E '^/dev/cgd1a on /mnt/? type ffs ' \ >/dev/null 2>&1; if ! /rescue/cgdconfig cgd1 /dev/dk3 2>/dev/null; then if /rescue/cgdconfig -u cgd1 2>/dev/null; then /rescue/cgdconfig cgd1 /dev/dk3 fi fi # Reflect options in cgd1a:/etc/fstab. /rescue/mount_ffs -o ro,log,noatime,nodevmtime /dev/cgd1a /mnt fi /rescue/sysctl -w init.root=/mnt This will configure cgd1 on dk3 using parameters in /etc/cgd/dk3, mount the file system within it at /mnt, and tell init to chroot to /mnt. We need to place in /etc/cgd/dk3 the parameters file we created earlier: # mkdir /mnt/etc # mkdir /mnt/etc/cgd # cp /path/to/noberon.params /mnt/etc/cgd/dk3 And we also back up noberon.params somewhere else: # cp /path/to/noberon.params /super-reliable-usb-flash-stick-ha/. Now unmount all the file systems -- it's time to try booting. # umount /mnt/mnt/home # umount /mnt/mnt/pkg # umount /mnt/mnt/var/chroot # umount /mnt/mnt/var # umount /mnt/mnt # umount /mnt *** Step 8: Detach and boot Put the disk back into the MacBook and then boot. At first it will boot into single-user mode, in the unencrypted root file system, because the encrypted root file system's rc.conf has not been configured. You can work in the encrypted root file system by running # chroot /mnt so that you can have a full NetBSD installation at your disposal, rather than the minimal set of tools in /rescue. At this point you'll want to set TERM and some sh options to make it remotely usable: # export TERM=wsvt25 # set -o emacs # set -o tabcomplete Set up a randomkey cgd0 for swap space. Note that a randomkey cgd is fit only for a machine that a human will be operating, unless you have a hardware entropy generator. # cat </etc/cgd/cgd.conf > # cgd disk [paramsfile] > cgd0 /dev/dk1 # cgdconfig -g -k randomkey aes-cbc 256 > /etc/cgd/dk1 Note that this configuration file does not have cgd1 -- we configured that in the enclosing one. (Confusing? I chose cgd0 for swap and cgd1 for root because the machine from which I was doing the installation already had cgd0 -- for swap space -- so I could use cgd1 for the encrypted root on the target and host. Of course if I did this again, from the MacBook, cgd1 would be unavailable.) Turn it on: # cgdconfig -C Now we have to edit the disklabel to make it fit for swapping. We'll need to do this every time we configure cgd0, so we'll save it to the disk in /etc/cgd/dk1.disklabel for future reference: # disklabel cgd0 > /etc/cgd/cgd0.disklabel Edit it with your favourite editor...between ed, ex, vi, &c., anyway. Change partition `a' to partition `b', just for convention's sake (`a' is typically a root file system; `b', swap space), and change its type from `4.2BSD' to `swap'. It will look like: # /dev/rcgd0d: type: cgd disk: cgd label: swap flags: bytes/sector: 512 sectors/track: 2048 tracks/cylinder: 1 sectors/cylinder: 2048 cylinders: 2048 total sectors: 4194304 rpm: 3600 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 # microseconds track-to-track seek: 0 # microseconds drivedata: 0 5 partitions: # size offset fstype [fsize bsize cpg/sgs] b: 4194304 0 swap # (Cyl. 0 - 1024*) d: 4194304 0 unused 0 0 # (Cyl. 0 - 1024*) Apply it: # disklabel -R cgd0 /etc/cgd/cgd0.disklabel And make NetBSD apply it on every boot by placing the following in /etc/rc.conf.d/cgd: swap_device=cgd0 swap_disklabel=/etc/cgd/cgd0.disklabel start_postcmd=cgd_swap cgd_swap () { if [ -f "${swap_disklabel}" ]; then disklabel -R "${swap_device}" "${swap_disklabel}" fi }