Solved How can I do Geli automount (when system boot) couple of disk (system disk SSD and data disk HDD)?

[xruss]

Hello! Could you help me to get ahead in solving the problem installation of FreeBSD12.2 with GELI encrypt?
My installation steps:
SSD (ada0) - system will install here

# gpart destroy -F ada0
# gpart create -s gpt ada0

HDD (ada1) - data disk

# gpart destroy -F ada1
# gpart create -s gpt ada1

boot block

# gpart add -t freebsd-boot -s 64k –l gptboot ada0
# gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 ada0

create and format boot partition

# gpart add -t freebsd-ufs -s 1g -l boot ada0
# newfs -U gpt/boot

swap

gpart add -t freebsd-swap -l swap –s 20g ada0

create partitions for encript
SSD

#gpart add -t freebsd-ufs -l enc ada0

HDD

# gpart add -t freebsd-ufs -l enc2 ada1

Geli init couple of parts

# geli init -l 256 -e aes-xts -b gpt/enc gpt/enc2

and attach

# geli attach gpt/enc
# geli attach gpt/enc2

format

#newfs -U gpt/enc.eli
#newfs -U gpt/enc2.eli

mount boot and enc.eli

# mount /dev/gpt/enc.eli /mnt
# mkdir /mnt/boot2
# mount /dev/gpt/boot /mnt/boot2
# mkdir /mnt/boot2/boot
# cd /mnt
# ln -s boot2/boot boot

I want to mount gpt/enc2.eli here (in autoboot). How can I do it?:

# mkdir /mnt/HDD
# mount /dev/gpt/enc2.eli /mnt/HDD

backups geli keys

# mkdir gelibackups
# cp /var/backups/* gelibackups

complete installation

# exit

last step - configuration files
# vi /boot/loader.conf

geom_eli_load="YES"
vfs.root.mountfrom="ufs:/dev/da0p4.eli"

# vi /etc/fstab

/dev/gpt/enc.eli  /        ufs    rw,noatime    1    1
/dev/gpt/boot     /boot2   ufs    rw,noatime    1    1
/dev/gpt/swap.eli none     swap   sw            0    0

# vi /etc/rc.conf

geli_swap_flags="-e blowfish -l 128 -s 4096 -d"
# exit

I can mount and install system at ssd disk only, but unfortunately I can't mount additional (HDD) disk to automount at system boot.
Could you help me?

 

[ct85711]

I can mount and install system at ssd disk only, but unfortunately i can`t mount additional (HDD) disk to automount at system boot

Well, it may depend on when you really need the additional HDD mounted. For example, is the drive with /boot isn't required to be mounted for the root system to be mounted (if anything the system accesses the /boot to load the kernel, then root is mounted and finally /boot can be mounted). Either way, the root system is the critical portion. Now if you have say /usr seperated to a different drive, then you could potentially have more issues (I don't know how picky FreeBSD is on core programs necessary to boot in /bin (or /sbin). Now, I do know neither /home or /var are required to boot up, so they can easily be mounted from fstab without any issues (my server is running that way). Swap it's self is NOT required to boot, so can be activated at any time during the boot process (including towards the end; unless you are limited on memory)

 

[T-Daemon]

i can`t mount additional (HDD) disk to automount at system boot.

Have a look at /etc/defaults/rc.conf, # GELI disk encryption configuration., # Example use. and geli_* in rc.conf(5)

 

[TempleBSD]

This article helped me to set up encrypted root: https://www.c0ffee.net/blog/freebsd-full-disk-encryption-uefi/
I do not really understand why you would need a different disk to be mounted during boot. Only efi, then /boot and after that / (root) will be needed for your computer to start. Your root seems to live in da0p4 and you have seeminlgy set that up correctly. Maybe what youre looking for is an entry in /etc/fstab?

 

[xruss]

I mounted second disk partition in fstab. Thank everebody for your help=)