Support #799

Updated by Daniel Curtis about 8 years ago

This is a guide on how I set up my laptop to dual boot Windows 10 and PCBSD with a GELI encrypted ZFS root on a Dell Inspiron 15-3521 UEFI based system.

 The setup uses Windows 10 as the primary OS, but the PCBSD partition will be booted from a USB flash drive. This guide assumes that the Windows 10 partition has already been installed and adequately shrunk.

 * When the PCBSD Installation message appears, choose *Text Install / Emergency Console*. 

 * Select *Utility* then *Shell*. 

 * Get a list of available drives: 
 <pre> 
 camcontrol devlist 
 </pre> 
 #* _Example output_: 
 <pre> 
 <VB0250EAVER HPG9>                   at scbus0 target 0 lun 0 (pass0,ada0) 
 <Sony USB Stick>                     at scbus6 target 0 lun 0 (pass4,da0) 
 </pre> 

 h2. Swap 

 * Create the *swap* slice: 
 <pre> 
 gpart add -s 4G -t freebsd-swap -a 4k -l swap0 ada0 
 </pre>  
 #* _Example output_: 
 <pre> 
 ada0p8 added 
 </pre> 

 * Encrypt the swap space: 
 <pre> 
 geli onetime -d -e AES-XTS -l 256 -s 4096 /dev/gpt/swap0 
 </pre> 

 h2. USB Bootloader 

 * Create the boot partition and install the bootcode on the +USB drive+: 
 <pre> 
 gpart create -s gpt da0 
 gpart add -l gptboot0 -s 512k -t freebsd-boot -a 4k da0 
 gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 da0 
 gpart set -a bootme -i 1 da0  
 </pre> 

 * Create the ZFS *bootpool* on the +USB drive+ and mount it: 
 <pre> 
 gpart add -l boot0 -t freebsd-zfs da0 
 mkdir -p /tmp/mnt/bootpool 
 zpool create -m none -o altroot=/tmp/mnt/bootpool bootpool /dev/gpt/boot0 
 mkdir -p /tmp/mnt/bootpool/boot/zfs 
 mount_nullfs /tmp/mnt/bootpool/boot/zfs /boot/zfs 
 </pre> 

 h2. GELI ZFS Root 

 * Create the disk0 slice: 
 <pre> 
 gpart add -t freebsd-zfs -a 4k -l disk0 ada0 
 </pre> 
 #* _Example output_: 
 <pre> 
 ada0p9 added 
 </pre> 

 * Encrypt the OS slice: 
 <pre> 
 mkdir /tmp/mnt/bootpool/boot/metadata_backup 
 geli init -b -s 4096 -e AES-XTS -l 256 -B /tmp/mnt/bootpool/boot/metadata_backup/ada0p9.eli /dev/ada0p9 
 </pre> 
 #* *NOTE*: This will store a copy of the GELI metadata on the USB drive, in case bad things happen. 

 * Attach the encrypted slice: 
 <pre> 
 geli attach /dev/ada0p9 
 </pre> 

 * Create the *xpool* ZFS pool on top of the GELI encrypted slice, then export it: 
 <pre> 
 mkdir -p /tmp/mnt/xpool 
 zpool create -o altroot=/tmp/mnt/xpool -o cachefile=/tmp/zpool.cache -m none -f xpool /dev/ada0p9.eli  
 zpool export xpool 
 </pre> 

 * Next import the *xpool* ZFS pool and create the root dataset and settings: 
 <pre> 
 zpool import -o altroot=/tmp/mnt/xpool -o cachefile=/tmp/zpool.cache xpool 
 zpool set bootfs=xpool xpool 
 zfs set checksum=fletcher4 xpool 
 zfs set atime=off xpool 
 zfs create xpool/ROOT 
 zfs set mountpoint=/ xpool/ROOT 
 </pre> 
 #* Then create some additional system datasets: 
 <pre> 
 zfs create -o canmount=off xpool/ROOT/usr  
 zfs create -o canmount=off xpool/ROOT/var  
 zfs create -o compression=on     -o exec=on    -o setuid=off xpool/ROOT/tmp  
 zfs create -o compression=gzip -o setuid=off    xpool/ROOT/usr/ports  
 zfs create -o compression=off    -o exec=off -o setuid=off xpool/ROOT/usr/ports/distfiles  
 zfs create -o compression=off    -o exec=off -o setuid=off xpool/ROOT/usr/ports/packages  
 zfs create -o compression=gzip -o exec=off -o setuid=off    xpool/ROOT/usr/src  
 zfs create -o compression=lzjb xpool/ROOT/usr/obj 
 zfs create -o compression=lzjb -o exec=off -o setuid=off xpool/ROOT/var/crash  
 zfs create -o compression=off    -o exec=off -o setuid=off xpool/ROOT/var/empty  
 zfs create -o compression=lzjb -o exec=on    -o setuid=off xpool/ROOT/var/tmp  
 </pre>  

 * Set the permissions of the temp directories in the zfs mount: 
 <pre> 
 chmod 1777 /tmp/mnt/xpool/tmp  
 chmod 1777 /tmp/mnt/xpool/var/tmp  
 </pre>  

 * Remount the *bootpool*: 
 <pre> 
 umount /boot/zfs 
 mkdir /tmp/mnt/xpool/bootpool 
 zfs set mountpoint=/tmp/mnt/xpool/bootpool bootpool 
 zpool export bootpool 
 zpool import bootpool 
 mkdir -p /tmp/mnt/xpool/bootpool/boot/zfs 
 mount_nullfs /tmp/mnt/xpool/bootpool/boot/zfs /boot/zfs 
 </pre> 

 * Extract the base.txz and kernel.txz to the zfs root to install the base system: 
 <pre> 
 cat /dist/base.txz | tar --unlink -xpJf - -C /tmp/mnt/xpool 
 cat /dist/kernel.txz | tar --unlink -xpJf - -C /tmp/mnt/xpool 
 </pre> 

 h2. Post-Installation Setup 

 * Chroot into the xpool: 
 <pre> 
 chroot /tmp/mnt/xpool 
 </pre> 

 * Copy the installed bootloader files over to the bootpool, then create a @/boot@ symlink pointing at them: 
 <pre> 
 cd / 
 rm -r boot/zfs 
 mv boot/* bootpool/boot/ 
 rm -r boot 
 ln -sf bootpool/boot 
 </pre> 

 * Create an fstab file: 
 <pre> 
 vi /etc/fstab 
 </pre> 
 #* And add the swap partition definition: 
 <pre> 
 /dev/ada0p8.eli          none      swap      sw      0     0 
 </pre> 

 * Add the initial system configuration: 
 <pre> 
 echo 'zfs_enable="YES"' >> /etc/rc.conf  
 echo 'sshd_enable="YES"' >> /etc/rc.conf  
 echo 'hostname="pcbsd.example.com"' >> /etc/rc.conf 
 </pre>  

 * Add the bootloader config: 
 <pre> 
 echo 'geom_eli_load="YES"' >> /boot/loader.conf 
 echo 'zfs_load="YES"' >> /boot/loader.conf  
 echo 'vfs.root.mountfrom="zfs:xpool/ROOT"' >> /boot/loader.conf 
 echo 'zpool_cache_load="YES"' >> /boot/loader.conf 
 echo 'zpool_cache_type="/boot/zfs/zpool.cache"' >> /boot/loader.conf 
 echo 'zpool_cache_name="/boot/zfs/zpool.cache"' >> /boot/loader.conf 
 </pre> 

 h2. Networking 

 * Show what network interfaces are available: 
 <pre> 
 ifconfig 
 </pre> 
 #* *NOTE*: This guide uses @em0@ for the ethernet interface and @ath0@ as the wireless interface. 

 h3. Ethernet 

 * Add the em interface driver to the bootloader config: 
 <pre> 
 echo 'if_em_load="YES"' >> /boot/loader.conf 
 </pre>  

 * Setup ethernet networking using DHCP: 
 <pre> 
 echo 'ifconfig_em0="DHCP"' >> /etc/rc.conf 
 echo 'hostname="freebsd.example.com"' >> /etc/rc.conf 
 </pre> 

 * (Optional) Set up networking using a static IP address instead (the broadcast address must belong to the network given by the address and netmask, here 192.168.10.0/24): 
 <pre> 
 echo 'ifconfig_em0="inet 192.168.10.70 netmask 255.255.255.0 broadcast 192.168.10.255"' >> /etc/rc.conf  
 echo 'defaultrouter="192.168.10.1"' >> /etc/rc.conf  
 echo 'hostname="freebsd.example.com"' >> /etc/rc.conf 
 echo 'nameserver 192.168.10.1' >> /etc/resolv.conf 
 </pre> 
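As an added example (not part of the original guide), here is a POSIX sh check for two things that go wrong easily with the @echo >> /etc/rc.conf@ steps above: an @ifconfig_em0@ broadcast address that does not belong to the configured netmask, and a variable such as @hostname@ appended twice (rc(8) keeps the last value). The rc.conf fragment is constructed for the example, and the functions assume dotted-quad netmasks rather than the 0x-style form ifconfig also accepts.

```shell
#!/bin/sh
# Constructed rc.conf fragment for this example (not from the guide): the broadcast
# lies outside 192.168.10.0/24 and hostname is assigned twice.
RC_SAMPLE='ifconfig_em0="inet 192.168.10.70 netmask 255.255.255.0 broadcast 198.100.10.255"
defaultrouter="192.168.10.1"
hostname="pcbsd.example.com"
hostname="freebsd.example.com"'

# Dotted-quad address -> 32-bit integer (assumes dotted-quad input).
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted-quad address.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Directed broadcast for an address and netmask: addr OR (NOT mask), kept within 32 bits.
expected_broadcast() {
    a=$(ip2int "$1"); m=$(ip2int "$2")
    int2ip $(( (a | (~m & 4294967295)) & 4294967295 ))
}

# Print every rc.conf variable that is assigned more than once in the given text.
duplicate_keys() {
    printf '%s\n' "$1" | sed -n 's/^\([A-Za-z0-9_]*\)=.*/\1/p' | sort | uniq -d
}

# Validate the value of an ifconfig_<if> entry ("inet ADDR netmask MASK [broadcast B]").
# Returns 0 when the broadcast matches or is omitted, 1 on mismatch, 2 if unparsable.
check_ifconfig() {
    addr=; mask=; bcast=
    set -- $1
    while [ $# -ge 2 ]; do
        case $1 in
            inet) addr=$2 ;;
            netmask) mask=$2 ;;
            broadcast) bcast=$2 ;;
        esac
        shift 2
    done
    [ -n "$addr" ] && [ -n "$mask" ] || return 2
    want=$(expected_broadcast "$addr" "$mask")
    if [ -z "$bcast" ] || [ "$bcast" = "$want" ]; then
        echo "ok: $addr/$mask broadcasts to $want"; return 0
    fi
    echo "mismatch: broadcast $bcast given, $want expected for $addr/$mask"; return 1
}
```

Run @duplicate_keys "$(cat /etc/rc.conf)"@ and @check_ifconfig@ on the value of each @ifconfig_*@ line before rebooting; on FreeBSD, @sysrc@ is the stock tool that replaces a variable in place instead of appending a second copy.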

 h3. Wireless 

 * Add the ath interface driver and the wireless cryptographic modules to the bootloader config: 
 <pre> 
 echo 'if_ath_load="YES"' >> /boot/loader.conf 
 echo 'wlan_ccmp_load="YES"' >> /boot/loader.conf 
 echo 'wlan_tkip_load="YES"' >> /boot/loader.conf 
 </pre>  

 * Setup wireless networking using WPA and DHCP: 
 <pre> 
 echo 'wlans_ath0="wlan0"' >> /etc/rc.conf 
 echo 'ifconfig_wlan0="WPA SYNCDHCP"' >> /etc/rc.conf 
 </pre> 

 * Create a @wpa_supplicant.conf@ file: 
 <pre> 
 vi /etc/wpa_supplicant.conf 
 </pre> 
 #* And add the following, modifying accordingly: 
 <pre> 
 network={ 
	 ssid="HomeWifi" 
	 psk="SuperSecretPassword" 
 } 
 </pre> 

 * Then restart the network interface service: 
 <pre> 
 service netif restart 
 </pre> 

 h2. Finish the Installation 

 * Exit from the chroot environment: 
 <pre> 
 exit 
 </pre> 

 * Set up the ZFS mountpoints (the system datasets were created under @xpool/ROOT@, so they are addressed by that name): 
 <pre> 
 zfs set mountpoint=legacy xpool/ROOT 
 zfs set mountpoint=/tmp xpool/ROOT/tmp 
 zfs set mountpoint=/usr xpool/ROOT/usr 
 zfs set mountpoint=/var xpool/ROOT/var 
 zfs set mountpoint=/bootpool bootpool 
 </pre> 

 * Unmount the filesystems: 
 <pre> 
 umount /boot/zfs 
 zfs unmount -a 
 zpool export xpool 
 zpool export bootpool 
 </pre> 

 * Reboot the system and eject the FreeBSD install disc: 
 <pre> 
 reboot 
 </pre> 

 h2. Setup PCBSD 

 * Then, disable the FreeBSD package repository:  
 <pre> 
 mv /etc/pkg/FreeBSD.conf /root/FreeBSD.conf-old 
 </pre> 

 * Create the pkg repos directory:  
 <pre> 
 mkdir -p /usr/local/etc/pkg/repos 
 </pre> 

 * Then, create the PCBSD repo file: 
 <pre> 
 vi /usr/local/etc/pkg/repos/pcbsd.conf 
 </pre> 
 #* And add the following:  
 <pre> 
 pcbsd: { 
     url: "http://pkg.cdn.pcbsd.org/10.0-RELEASE/amd64", 
     signature_type: "fingerprints", 
     fingerprints: "/usr/local/etc/pkg/fingerprints/pcbsd", 
     enabled: true 
 } 
 </pre> 

 * Next, create the pkg fingerprints directories:  
 <pre> 
 mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/{revoked,trusted} 
 </pre> 

 * Then, download the PCBSD repository fingerprint file:  
 <pre> 
 cd /usr/local/etc/pkg/fingerprints/pcbsd/trusted/ 
 fetch https://raw.githubusercontent.com/pcbsd/pcbsd/master/src-sh/pcbsd-utils/pc-extractoverlay/ports-overlay/usr/local/etc/pkg/fingerprints/pcbsd/trusted/pkg.cdn.pcbsd.org.20131209 
 </pre> 

 * Update the package database and any installed packages:  
 <pre> 
 pkg update 
 pkg upgrade -fy 
 </pre> 

 * Once the repository configuration is complete, install the base components:  
 <pre> 
 fetch --no-verify-peer -o /etc/freebsd-update.conf 'https://github.com/pcbsd/freebsd/raw/master/etc/freebsd-update.conf' 
 freebsd-update fetch 
 freebsd-update install 
 </pre> 
 #* *NOTE*: @--no-verify-peer@ makes @fetch@ skip TLS certificate verification of github.com for this one download; with the @ca_root_nss@ package installed the flag can be dropped so the certificate is checked. 

 * Then set up the installation to be a PC-BSD desktop: 
 <pre> 
 pkg install -fy pcbsd-base 
 rehash 
 pbreg set /PC-BSD/SysType PCBSD 
 pc-extractoverlay ports 
 pc-extractoverlay desktop 
 </pre> 

 h3. Setup Desktop Environment 

 * Install the xfce desktop environment: 
 <pre> 
 pkg install pcbsd-meta-xfce 
 </pre> 

 * Create a @.xinitrc@ file: 
 <pre> 
 vi ~/.xinitrc 
 </pre> 
 #* And add the following, which runs the first boot scripts and then starts the desktop: 
 <pre> 
 #!/bin/sh 
 sh /usr/local/share/pcbsd/scripts/sys-init.sh desktop en_US 
 touch /var/.runxsetup 
 touch /var/.pcbsd-firstboot 
 touch /var/.pcbsd-firstgui 
 exec startxfce4 
 </pre> 

 * And make the @.xinitrc@ file executable: 
 <pre> 
 chmod +x ~/.xinitrc 
 </pre> 

 * Start the X server: 
 <pre> 
 startx 
 </pre> 

 * Run the firstboot script: 
 <pre> 
 pc-firstboot 
 </pre> 

 *NOTE*: If you are using NVIDIA video hardware, load the driver before rebooting into the display wizard: 
 <pre> 
 pkg install pcbsd-meta-nvidia 
 </pre>  

 h2. Resources 

 * http://www.schmidp.com/2014/01/07/zfs-full-disk-encryption-with-freebsd-10-part-2/ 
 * http://web.pcbsd.org/doc-archive/10.2/html/preinstall.html 
 * http://web.pcbsd.org/doc-archive/10.2/html/advanced.html 
 * https://srobb.net/fbsdquickwireless.html 
 * https://www.freebsd.org/doc/handbook/network-wireless.html 
 * https://forums.pcbsd.org/thread-20411.html
