Support #799
Updated by Daniel Curtis over 8 years ago
This is a guide on how I set up my laptop to dual boot Windows 10 and PCBSD with a GELI encrypted ZFS root on a Dell Inspiron 15-3521 UEFI based system. The setup uses Windows 10 as the primary OS, but the PCBSD partition will be booted from a USB flash drive. This guide assumes that the Windows 10 partition has been installed and adequately shrunk.

* When the PCBSD Installation message appears, choose *Text Install / Emergency Console*.
* Select *Utility* then *Shell*.
* Get a list of available drives:
<pre>
camcontrol devlist
</pre>
#* _Example output_:
<pre>
<VB0250EAVER HPG9> at scbus0 target 0 lun 0 (pass0,ada0)
<Sony USB Stick> at scbus6 target 0 lun 0 (pass4,da0)
</pre>

h2. Swap

* Create the *swap* slice:
<pre>
gpart add -s 4G -t freebsd-swap -a 4k -l swap0 ada0
</pre>
#* _Example output_:
<pre>
ada0p8 added
</pre>
* Encrypt the swap space:
<pre>
geli onetime -d -e AES-XTS -l 256 -s 4096 /dev/gpt/swap0
</pre>

h2. USB Bootloader

* Create the boot partition and install the bootcode on the +USB drive+:
<pre>
gpart create -s gpt da0
gpart add -l gptboot0 -s 512k -t freebsd-boot -a 4k da0
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 da0
gpart set -a bootme -i 1 da0
</pre>
* Create the ZFS *bootpool* on the +USB drive+ and mount it:
<pre>
gpart add -l boot0 -t freebsd-zfs da0
mkdir -p /tmp/mnt/bootpool
zpool create -m none -o altroot=/tmp/mnt/bootpool bootpool /dev/gpt/boot0
mkdir -p /tmp/mnt/bootpool/boot/zfs
mount_nullfs /tmp/mnt/bootpool/boot/zfs /boot/zfs
</pre>

h2. GELI ZFS Root

* Create the disk0 slice:
<pre>
gpart add -t freebsd-zfs -a 4k -l disk0 ada0
</pre>
#* _Example output_:
<pre>
ada0p9 added
</pre>
* Encrypt the OS slice:
<pre>
mkdir /tmp/mnt/bootpool/boot/metadata_backup
geli init -b -s 4096 -e AES-XTS -l 256 -B /tmp/mnt/bootpool/boot/metadata_backup/ada0p9.eli /dev/ada0p9
</pre>
#* *NOTE*: This will store a copy of the GELI metadata on the USB drive, in case bad things happen.
* Attach the encrypted slice:
<pre>
geli attach /dev/ada0p9
</pre>
* Create the *xpool* ZFS pool on top of the GELI encrypted slice, then export it:
<pre>
mkdir -p /tmp/mnt/xpool
zpool create -o altroot=/tmp/mnt/xpool -o cachefile=/tmp/zpool.cache -m none -f xpool /dev/ada0p9.eli
zpool export xpool
</pre>
* Next import the *xpool* ZFS pool and create the root dataset and settings:
<pre>
zpool import -o altroot=/tmp/mnt/xpool -o cachefile=/tmp/zpool.cache xpool
zpool set bootfs=xpool xpool
zfs set checksum=fletcher4 xpool
zfs set atime=off xpool
zfs create xpool/ROOT
zfs set mountpoint=/ xpool/ROOT
</pre>
#* Then create some additional system datasets:
<pre>
zfs create -o canmount=off xpool/ROOT/usr
zfs create -o canmount=off xpool/ROOT/var
zfs create -o compression=on -o exec=on -o setuid=off xpool/ROOT/tmp
zfs create -o compression=gzip -o setuid=off xpool/ROOT/usr/ports
zfs create -o compression=off -o exec=off -o setuid=off xpool/ROOT/usr/ports/distfiles
zfs create -o compression=off -o exec=off -o setuid=off xpool/ROOT/usr/ports/packages
zfs create -o compression=gzip -o exec=off -o setuid=off xpool/ROOT/usr/src
zfs create -o compression=lzjb xpool/ROOT/usr/obj
zfs create -o compression=lzjb -o exec=off -o setuid=off xpool/ROOT/var/crash
zfs create -o compression=off -o exec=off -o setuid=off xpool/ROOT/var/empty
zfs create -o compression=lzjb -o exec=on -o setuid=off xpool/ROOT/var/tmp
</pre>
* Set the permissions of the temp directories in the zfs mount:
<pre>
chmod 1777 /tmp/mnt/xpool/tmp
chmod 1777 /tmp/mnt/xpool/var/tmp
</pre>
* Remount the *bootpool*:
<pre>
umount /boot/zfs
mkdir /tmp/mnt/xpool/bootpool
zfs set mountpoint=/tmp/mnt/xpool/bootpool bootpool
zpool export bootpool
zpool import bootpool
mkdir -p /tmp/mnt/xpool/bootpool/boot/zfs
mount_nullfs /tmp/mnt/xpool/bootpool/boot/zfs /boot/zfs
</pre>
* Extract the base.txz and kernel.txz to the zfs root to install the base system:
<pre>
cat /dist/base.txz | tar --unlink -xpJf - -C /tmp/mnt/xpool
cat /dist/kernel.txz | tar --unlink -xpJf - -C /tmp/mnt/xpool
</pre>

h2. Post-Installation Setup

* Chroot into the xpool:
<pre>
chroot /tmp/mnt/xpool
</pre>
* Copy the installed bootloader files over to the bootpool, then create a @/boot@ symlink:
<pre>
cd /
rm -r boot/zfs
mv boot/* bootpool/boot/
rm -r boot
ln -sf bootpool/boot
</pre>
* Create an fstab file:
<pre>
vi /etc/fstab
</pre>
#* And add the swap partition definition:
<pre>
/dev/ada0p8.eli none swap sw 0 0
</pre>
* Add the initial system configuration:
<pre>
echo 'zfs_enable="YES"' >> /etc/rc.conf
echo 'sshd_enable="YES"' >> /etc/rc.conf
echo 'hostname="pcbsd.example.com"' >> /etc/rc.conf
</pre>
* Add the bootloader config:
<pre>
echo 'geom_eli_load="YES"' >> /boot/loader.conf
echo 'zfs_load="YES"' >> /boot/loader.conf
echo 'vfs.root.mountfrom="zfs:xpool/ROOT"' >> /boot/loader.conf
echo 'zpool_cache_load="YES"' >> /boot/loader.conf
echo 'zpool_cache_type="/boot/zfs/zpool.cache"' >> /boot/loader.conf
echo 'zpool_cache_name="/boot/zfs/zpool.cache"' >> /boot/loader.conf
</pre>

h2. Networking

* Show what network interfaces are available:
<pre>
ifconfig
</pre>
#* *NOTE*: This guide uses @em0@ for the ethernet interface and @ath0@ as the wireless interface.

h3. Ethernet

* Add the em interface driver to the bootloader config:
<pre>
echo 'if_em_load="YES"' >> /boot/loader.conf
</pre>
* Set up ethernet networking using DHCP:
<pre>
echo 'ifconfig_em0="DHCP"' >> /etc/rc.conf
echo 'hostname="freebsd.example.com"' >> /etc/rc.conf
</pre>
* (Optional) Set up networking using a static IP address instead:
<pre>
echo 'ifconfig_em0="inet 192.168.10.70 netmask 255.255.255.0 broadcast 192.168.10.255"' >> /etc/rc.conf
echo 'defaultrouter="192.168.10.1"' >> /etc/rc.conf
echo 'hostname="freebsd.example.com"' >> /etc/rc.conf
echo 'nameserver 192.168.10.1' >> /etc/resolv.conf
</pre>

h3. Wireless

* Add the ath interface driver and the wireless cryptographic modules to the bootloader config:
<pre>
echo 'if_ath_load="YES"' >> /boot/loader.conf
echo 'wlan_ccmp_load="YES"' >> /boot/loader.conf
echo 'wlan_tkip_load="YES"' >> /boot/loader.conf
</pre>
* Set up wireless networking using WPA and DHCP:
<pre>
echo 'wlans_ath0="wlan0"' >> /etc/rc.conf
echo 'ifconfig_wlan0="WPA SYNCDHCP"' >> /etc/rc.conf
</pre>
* Create a @wpa_supplicant.conf@ file:
<pre>
vi /etc/wpa_supplicant.conf
</pre>
#* And add the following, modifying accordingly:
<pre>
network={
  ssid="HomeWifi"
  psk="SuperSecretPassword"
}
</pre>
* Then restart the network interface service:
<pre>
service netif restart
</pre>

h2. Finish the Installation

* Exit from the chroot environment:
<pre>
exit
</pre>
* Set up the ZFS mountpoints:
<pre>
zfs set mountpoint=legacy xpool/ROOT
zfs set mountpoint=/tmp xpool/ROOT/tmp
zfs set mountpoint=/usr xpool/ROOT/usr
zfs set mountpoint=/var xpool/ROOT/var
zfs set mountpoint=/bootpool bootpool
</pre>
* Unmount the filesystems:
<pre>
umount /boot/zfs
zfs unmount -a
zpool export xpool
zpool export bootpool
</pre>
* Reboot the system and eject the FreeBSD install disc:
<pre>
reboot
</pre>

h2. Setup PCBSD

* Then, disable the FreeBSD package repository:
<pre>
mv /etc/pkg/FreeBSD.conf /root/FreeBSD.conf-old
</pre>
* Create the pkg repos directory:
<pre>
mkdir -p /usr/local/etc/pkg/repos
</pre>
* Then, create the PCBSD repo file:
<pre>
vi /usr/local/etc/pkg/repos/pcbsd.conf
</pre>
#* And add the following:
<pre>
pcbsd: {
  url: "http://pkg.cdn.pcbsd.org/10.0-RELEASE/amd64",
  signature_type: "fingerprints",
  fingerprints: "/usr/local/etc/pkg/fingerprints/pcbsd",
  enabled: true
}
</pre>
* Next, create the pkg fingerprints directories:
<pre>
mkdir -p /usr/local/etc/pkg/fingerprints/pcbsd/{revoked,trusted}
</pre>
* Then, download the PCBSD repository fingerprint file:
<pre>
cd /usr/local/etc/pkg/fingerprints/pcbsd/trusted/
fetch https://raw.githubusercontent.com/pcbsd/pcbsd/master/src-sh/pcbsd-utils/pc-extractoverlay/ports-overlay/usr/local/etc/pkg/fingerprints/pcbsd/trusted/pkg.cdn.pcbsd.org.20131209
</pre>
* Update the package database and any installed packages:
<pre>
pkg update
pkg upgrade -fy
</pre>
* Once the repository configuration is complete, install the base components:
<pre>
fetch --no-verify-peer -o /etc/freebsd-update.conf 'https://github.com/pcbsd/freebsd/raw/master/etc/freebsd-update.conf'
freebsd-update fetch
freebsd-update install
</pre>
#* *NOTE*: @--no-verify-peer@ turns off TLS certificate verification for this download, so inspect the fetched @/etc/freebsd-update.conf@ before running @freebsd-update@.
* Then set up the installation to be a PC-BSD desktop:
<pre>
pkg install -fy pcbsd-base
rehash
pbreg set /PC-BSD/SysType PCBSD
pc-extractoverlay ports
pc-extractoverlay desktop
</pre>

h3. Setup Desktop Environment

* Install the xfce desktop environment:
<pre>
pkg install pcbsd-meta-xfce
</pre>
* Set the first boot scripts to run:
<pre>
sh /usr/local/share/pcbsd/scripts/sys-init.sh desktop en_US
touch /var/.runxsetup
touch /var/.pcbsd-firstboot
touch /var/.pcbsd-firstgui
</pre>
* Create a .xinitrc file:
<pre>
vi ~/.xinitrc
</pre>
#* And add the following:
<pre>
#!/bin/sh
exec startxfce4
</pre>
* And make the .xinitrc file executable:
<pre>
chmod +x ~/.xinitrc
</pre>
* Start the X server:
<pre>
startx
</pre>
* Run the firstboot script:
<pre>
pc-firstboot
</pre>

*NOTE*: If you are using NVIDIA video hardware, load the driver before rebooting into the display wizard:
<pre>
pkg install pcbsd-meta-nvidia
</pre>

h2. Resources

* http://www.schmidp.com/2014/01/07/zfs-full-disk-encryption-with-freebsd-10-part-2/
* http://web.pcbsd.org/doc-archive/10.2/html/preinstall.html
* http://web.pcbsd.org/doc-archive/10.2/html/advanced.html
* https://srobb.net/fbsdquickwireless.html
* https://www.freebsd.org/doc/handbook/network-wireless.html
* https://forums.pcbsd.org/thread-20411.html
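
The following is an added example, not part of the original guide: a POSIX sh audit of the files written in the Post-Installation Setup and Wireless steps. It checks the effective @/boot/loader.conf@ values the encrypted root depends on and that @/etc/wpa_supplicant.conf@ (which holds the PSK in clear text) is not readable by group or other; the function names and the @audit@ argument are made up for this example.

```shell
# Added example, not the guide's own code; function names are made up here.
# Effective value of KEY in a loader.conf/rc.conf style FILE; both are
# processed top to bottom, so the last assignment wins.
conf_value() {   # conf_value FILE KEY
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k "=") == 1 {
            val = substr(line, length(k) + 2)
            gsub(/^"|"[ \t]*$/, "", val)
        }
        END { print val }' "$1"
}

# Number of times KEY is assigned in FILE (a repeated echo >> adds one).
conf_count() {   # conf_count FILE KEY
    awk -v k="$2" '{ sub(/^[ \t]+/, "") }
        index($0, k "=") == 1 { n++ } END { print n + 0 }' "$1"
}

# Compare the guide's loader settings with their effective values in FILE;
# print findings and return the number of failed settings.
check_loader_conf() {   # check_loader_conf FILE
    problems=0
    while IFS='|' read -r key want; do
        got=$(conf_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want \"$want\", effective \"$got\""
            problems=$((problems + 1))
        elif [ "$(conf_count "$1" "$key")" -gt 1 ]; then
            echo "WARN $key assigned more than once"
        fi
    done <<EOF
geom_eli_load|YES
zfs_load|YES
vfs.root.mountfrom|zfs:xpool/ROOT
zpool_cache_load|YES
EOF
    return "$problems"
}

# Succeed only if FILE exists and neither group nor other can read it.
secret_file_ok() {   # secret_file_ok FILE
    [ -f "$1" ] || return 2
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

if [ "${1:-}" = "audit" ]; then   # on the installed system: sh audit.sh audit
    check_loader_conf /boot/loader.conf
    secret_file_ok /etc/wpa_supplicant.conf ||
        echo "FAIL /etc/wpa_supplicant.conf: run chmod 600 on it"
fi
```

Because the guide appends with @echo >>@, a repeated or corrected step leaves several assignments of one key (@hostname@ is written to @/etc/rc.conf@ twice above), and @conf_value@ reports the one that takes effect.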