Key-based FDE /w UEFI fails

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Key-based FDE /w UEFI fails

Stefan Wollny-2
Hi there!

I need help / advice with a fresh install onto a Thinkpad T450s which I
recently bought on eBay.

The system starts with UEFI enabled and was running fine with a rather
small SSD without FDE. dmesg from some recent posts may be found.

I followed the steps as given in the FAQ
(http://www.openbsd.org/faq/faq14.html#softraid) with a new, larger SSD
and the key disk both initialized with
'fdisk -iy -g -b 960 sd0' (and '... sd2' for the key disk).

On both disks I created a 'a'-partion with type RAID as zero'd the first
blocks.

softraid is activated with 'bioctl -c C -k sd2a -l sd0a softraid0'.

The installation was without noticable deviation to a non-FDE installation.

The layout is identical to an other FDE-secured laptop which starts with
BIOS:
sd0a /
sd0b swap
sd0d /tmp
sd0e /var
sd0f /usr
sd0g /usr/local
sd0h /home
(As this is a 1TB-SSD each partition has lots of capacity...)

Yet after rebooting the first time I get the following:

probing: pc0 mem[352K 204K 3256M 4832M]
disk: hd0 hd1 sr0*
>> OpenBSD/amd64 BOOTS64 3.40
open(hd0a:/etc/boot.con f): Invalid argument
boot>
cannot open hd0a:/etc/random.seed: Invalid argument
booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
 failed(22). will try /bsd
boot>
cannot open hd0a:/etc/random.seed: Invalid argument
booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
 failed(22). will try /bsd
Turning timeout off.
boot>

At this point I am lost. Tried to google for any information that makes
sense but only found very old posts (from 2011 and older) which didn't
provide hints on how to proceed.

Anybody with a clue?

TIA.

Best,
STEFAN


Reply | Threaded
Open this post in threaded view
|

Re: Key-based FDE /w UEFI fails

Joel Sing-3
On Thursday 29 November 2018 20:38:23 Stefan Wollny wrote:

> Hi there!
>
> I need help / advice with a fresh install onto a Thinkpad T450s which I
> recently bought on eBay.
>
> The system starts with UEFI enabled and was running fine with a rather
> small SSD without FDE. dmesg from some recent posts may be found.
>
> I followed the steps as given in the FAQ
> (http://www.openbsd.org/faq/faq14.html#softraid) with a new, larger SSD
> and the key disk both initialized with
> 'fdisk -iy -g -b 960 sd0' (and '... sd2' for the key disk).
>
> On both disks I created a 'a'-partion with type RAID as zero'd the first
> blocks.
>
> softraid is activated with 'bioctl -c C -k sd2a -l sd0a softraid0'.
>
> The installation was without noticable deviation to a non-FDE installation.
>
> The layout is identical to an other FDE-secured laptop which starts with
> BIOS:
> sd0a /
> sd0b swap
> sd0d /tmp
> sd0e /var
> sd0f /usr
> sd0g /usr/local
> sd0h /home
> (As this is a 1TB-SSD each partition has lots of capacity...)
>
> Yet after rebooting the first time I get the following:
>
> probing: pc0 mem[352K 204K 3256M 4832M]
> disk: hd0 hd1 sr0*
>
> >> OpenBSD/amd64 BOOTS64 3.40
>
> open(hd0a:/etc/boot.con f): Invalid argument
> boot>
> cannot open hd0a:/etc/random.seed: Invalid argument
> booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
>  failed(22). will try /bsd
> boot>
> cannot open hd0a:/etc/random.seed: Invalid argument
> booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
>  failed(22). will try /bsd
> Turning timeout off.
> boot>
>
> At this point I am lost. Tried to google for any information that makes
> sense but only found very old posts (from 2011 and older) which didn't
> provide hints on how to proceed.
>
> Anybody with a clue?

The 'sr0*' in the above output shows that the boot loader found the softraid
volume and believes that it is bootable. What should have happened is that the
boot loader identified that the disk you booted from is part of the softraid
volume and switched to sr0 as the boot device - for some reason it did not and
continued to try to boot from hd0 instead.

You should be able to boot by manually specifying:

  boot sr0a:/bsd

at the boot> prompt.

If that works we'll have to track down the reason why the automatic switching
of the boot device failed (line 146 of sys/arch/amd64/stand/libsa/dev_i386.c
and the code that leads up to it).

Reply | Threaded
Open this post in threaded view
|

Re: Key-based FDE /w UEFI fails => SUCCESS

Stefan Wollny-2
Am 30.11.18 um 16:38 schrieb Joel Sing:

> On Thursday 29 November 2018 20:38:23 Stefan Wollny wrote:
>> Hi there!
>>
>> I need help / advice with a fresh install onto a Thinkpad T450s which I
>> recently bought on eBay.
>>
>> The system starts with UEFI enabled and was running fine with a rather
>> small SSD without FDE. dmesg from some recent posts may be found.
>>
>> I followed the steps as given in the FAQ
>> (http://www.openbsd.org/faq/faq14.html#softraid) with a new, larger SSD
>> and the key disk both initialized with
>> 'fdisk -iy -g -b 960 sd0' (and '... sd2' for the key disk).
>>
>> On both disks I created a 'a'-partion with type RAID as zero'd the first
>> blocks.
>>
>> softraid is activated with 'bioctl -c C -k sd2a -l sd0a softraid0'.
>>
>> The installation was without noticable deviation to a non-FDE installation.
>>
>> The layout is identical to an other FDE-secured laptop which starts with
>> BIOS:
>> sd0a /
>> sd0b swap
>> sd0d /tmp
>> sd0e /var
>> sd0f /usr
>> sd0g /usr/local
>> sd0h /home
>> (As this is a 1TB-SSD each partition has lots of capacity...)
>>
>> Yet after rebooting the first time I get the following:
>>
>> probing: pc0 mem[352K 204K 3256M 4832M]
>> disk: hd0 hd1 sr0*
>>
>>>> OpenBSD/amd64 BOOTS64 3.40
>>
>> open(hd0a:/etc/boot.con f): Invalid argument
>> boot>
>> cannot open hd0a:/etc/random.seed: Invalid argument
>> booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
>>  failed(22). will try /bsd
>> boot>
>> cannot open hd0a:/etc/random.seed: Invalid argument
>> booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
>>  failed(22). will try /bsd
>> Turning timeout off.
>> boot>
>>
>> At this point I am lost. Tried to google for any information that makes
>> sense but only found very old posts (from 2011 and older) which didn't
>> provide hints on how to proceed.
>>
>> Anybody with a clue?
>
> The 'sr0*' in the above output shows that the boot loader found the softraid
> volume and believes that it is bootable. What should have happened is that the
> boot loader identified that the disk you booted from is part of the softraid
> volume and switched to sr0 as the boot device - for some reason it did not and
> continued to try to boot from hd0 instead.
>
> You should be able to boot by manually specifying:
>
>   boot sr0a:/bsd
>
> at the boot> prompt.
>
> If that works we'll have to track down the reason why the automatic switching
> of the boot device failed (line 146 of sys/arch/amd64/stand/libsa/dev_i386.c
> and the code that leads up to it).
>
SUCCESS!

With this boot params the system came up as expected.

THANK YOU once again for caring and your precious time! Much appreciated.

Let me know if I shall do some tests prior to taking the machine to
production.

Best,
STEFAN

Reply | Threaded
Open this post in threaded view
|

Re: Key-based FDE /w UEFI fails => SUCCESS

Stefan Wollny-2
Am 02.12.18 um 13:26 schrieb Stefan Wollny:
> Am 30.11.18 um 16:38 schrieb Joel Sing:
>> On Thursday 29 November 2018 20:38:23 Stefan Wollny wrote:
[ ..]

> SUCCESS!
>
> With this boot params the system came up as expected.
>
> THANK YOU once again for caring and your precious time! Much appreciated.
>
> Let me know if I shall do some tests prior to taking the machine to
> production.
>
> Best,
> STEFAN
>
Just an additional note: After having successfully reinstalled from by
backup rebooting again required to set 'boot sr0a:/bsd'. Maybe this is
somehow related to this
https://marc.info/?l=openbsd-misc&m=154341622617488&w=2
and/or this
https://marc.info/?l=openbsd-misc&m=154332857825943&w=2
???