kaw (2023-01-24 (Tue) 13:31:31)
FuguIta can remaster LiveUSB using the newdrive function of the usbfadm utility.
However, in this case, the data storage partition can be encrypted, but the area where the operating system is stored can't.
This is so that FuguIta's fresh boot (boot modes 0, 1, and 2) can be used without a passphrase even though the data storage partition is encrypted.
In contrast, the entire media on which FuguIta LiveUSB is stored can also be encrypted.
The procedure is almost identical to OpenBSD's full-disk encryption, roughly as follows.
1. Initialize the desired disk and create an encrypted volume.
2. Apply the newdrive function of the usbfadm utility to the encrypted volume.
The specific steps are as follows.
Note: The following procedure is valid only for Legacy BIOS boot; further investigation is required for UEFI boot.
Create encrypted volume
The work is done with root privileges. In the following example, sd1 is the volume to be encrypted.
First, write random data to the entire disk.

    test# dd if=/dev/urandom of=/dev/rsd1c bs=1m
    dd: /dev/rsd1c: end of device
    2049+0 records in
    2048+0 records out
    2147483648 bytes transferred in 42.961 secs (49986618 bytes/sec)

Next, initialize the fdisk partition.

    test# fdisk -iy sd1
    Writing MBR at offset 0.

Create a RAID partition using the disklabel command.

    test# disklabel -E sd1
    Label editor (enter '?' for help at any prompt)
    sd1> a a
    offset: [64]
    size: [4194240] *
    FS type: [4.2BSD] raid
    sd1*> w
    sd1> q
    No label changes.

Create an encrypted volume in the RAID partition you just created.

    test# bioctl -c C -l /dev/sd1a softraid0
    New passphrase:
    Re-type passphrase:
    softraid0: CRYPTO volume attached as sd2
    test# dd if=/dev/zero of=/dev/rsd2c bs=1m count=1
    dd: /dev/rsd2c: short write on character device
    dd: /dev/rsd2c: end of device
    2048+0 records in
    2047+1 records out
    2147180544 bytes transferred in 70.967 secs (30255841 bytes/sec)
    test#

The encrypted volume sd2 has now been created.
Installing FuguIta LiveUSB on an encrypted volume
Installation of FuguIta LiveUSB on the encrypted volume sd2 is the same as the normal remastering of FuguIta LiveUSB.

    test# usbfadm
    Welcome to usbfadm.
    USB flash drive administration tool for FuguIta
    Version/Arch: 7.2/amd64 (FuguIta-7.2-amd64-202301181)
    Boot mode: manual
    Target device: not set
    Data saved as: not set
    readline capability available
    TAB to complete the reserved words
    Type ? for help.
    ? : ? ->newdrive
    Please make sure the device inserted.
    Then press ENTER ->
    ==== disk(s) and vnode devices ============================
    sd0 at scsibus1 targ 0 lun 0: <VirtIO, Block Device, >
    sd0: 2048MB, 512 bytes/sector, 4194304 sectors
    sd1 at scsibus1 targ 0 lun 0: <VirtIO, Block Device, >
    sd1: 2048MB, 512 bytes/sector, 4194304 sectors
    sd2 at scsibus4 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
    sd2: 2047MB, 512 bytes/sector, 4193712 sectors
    vnd0: not in use
    vnd1: not in use
    vnd2: not in use
    vnd3: not in use
    vnd4: not in use
    vnd5: covering /sysmedia/fuguita-7.2-amd64.ffsimg on sd0a, inode 48172
    ============================================================
    Enter the name of device which FuguIta will be installed->sd2

Since the entire disk is encrypted, there is no need to encrypt the partition for user data storage.

    user data encryption? [y/N] ->n
Confirmation of operation
Confirm that when you boot the created FuguIta LiveUSB, it asks you for your passphrase before the boot prompt.

    Using drive 0, partition 3
    Loading......
    probing: pc0 com0 mem[638K 2046M a20=on]
    disk: hd0+ sr0*
    >> OpenBSD/amd64 BOOT 3.55
    Passphrase:
    /
    >> bsd-fi.mp is for
    >> multiprocessor kernel (default).
    >> Enter 'bsd-fi' for Uniprocessor.
    boot>
    cannot open sr0a:/etc/random.seed: No such file or directory
    booting sr0a:/bsd-fi.mp: 15754520+3781648+2256928+0+1179648[1141593+128+1231680+932473]=0x19125a0
    entry point at 0xffffffff81001000
    [ using 3306912 bytes of bsd ELF symbol table ]
    Copyright (c) 1982, 1986, 1989, 1991, 1993
    The Regents of the University of California. All rights reserved.
    Copyright (c) 1995-2022 OpenBSD. All rights reserved. https://www.OpenBSD.org
    OpenBSD 7.2-stable (RDROOT.MP) #23: Wed Jan 18 09:09:22 JST 2023
    root@nimbus12.localnet:/opt/fi/7.2/sys/arch/amd64/compile/RDROOT.MP
    real mem = 2130694144 (2031MB)
    avail mem = 2046828544 (1952MB)
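An added example, not part of the original post or of FuguIta's tools: at the device prompt of usbfadm newdrive above, answering sd1 (the raw disk) instead of sd2 would install onto the raw disk rather than onto the encrypted volume. The sketch below checks a chosen name against the attach lines from the listing; the function names crypto_volumes and check_target are hypothetical, and the sample listing is copied from the post's output.

```sh
#!/bin/sh
# Added example (not part of FuguIta or usbfadm): pre-flight check for the
# "Enter the name of device" prompt of usbfadm newdrive.
# Sample listing copied from the post above; on a live system, feed the
# functions the same attach lines as printed in the usbfadm device listing.
SAMPLE_LISTING='sd0 at scsibus1 targ 0 lun 0: <VirtIO, Block Device, >
sd0: 2048MB, 512 bytes/sector, 4194304 sectors
sd1 at scsibus1 targ 0 lun 0: <VirtIO, Block Device, >
sd1: 2048MB, 512 bytes/sector, 4194304 sectors
sd2 at scsibus4 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
sd2: 2047MB, 512 bytes/sector, 4193712 sectors'

# crypto_volumes: read attach lines on stdin and print the names of disks
# that identify themselves as softraid CRYPTO volumes, one per line.
crypto_volumes() {
    awk '$2 == "at" && /<OPENBSD, SR CRYPTO,/ { print $1 }'
}

# check_target DEVICE: succeed only if DEVICE is a well-formed sdN name
# and appears as a softraid CRYPTO volume in the listing on stdin.
check_target() {
    case "$1" in
        sd[0-9]|sd[0-9][0-9]) ;;
        *) echo "refusing: '$1' is not an sdN device name" >&2; return 2 ;;
    esac
    if crypto_volumes | grep -qx "$1"; then
        echo "$1: softraid CRYPTO volume, OK as newdrive target"
    else
        echo "refusing: $1 is not a CRYPTO volume; an install there would be unencrypted" >&2
        return 1
    fi
}

# Stand-alone demonstration on the sample listing.
printf '%s\n' "$SAMPLE_LISTING" | check_target sd2
printf '%s\n' "$SAMPLE_LISTING" | check_target sd1 || echo "(sd1 rejected as expected)"
```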
kaw (2022-12-28 (Wed) 01:30:25)
When remastering LiveUSB using usbfadm, you can now specify whether MFS or TMPFS is the file system to mount on /ram. The default is MFS.

    fugu-demo# usbfadm
    :
    sd1d : fugu-demo ->newdrive
    :
    Type of /ram:
    1: [MFS]
    2: TMPFS
    ->
    :

Also, when creating LiveDVD images with remaster_dvd.sh, the command line option -m can now be used to specify the same.

    fugu-demo# remaster_dvd.sh -h
    Usage: remaster_dvd.sh [-m mfs|tmpfs]
    fugu-demo# remaster_dvd.sh -m tmpfs
    Changing file system of /ram: from mfs to tmpfs
    mkhybrid 1.12b5.1
    Scanning .
    Scanning ./etc
    :

#FuguIta
kaw (2022-12-19 (Mon) 15:35:41)
A few weeks ago, a fix was committed for kernel panics caused by TMPFS operations.
https://marc.info/?l=openbsd-cvs&m=166853221306810&w=2
Therefore, in this release FuguIta-*-202212191, TMPFS is now enabled on the FuguIta kernel.
At boot time, /ram is mounted with MFS as before, but to enable TMPFS mounting instead, rewrite the value of memfstype in the system image file fuguita-7.2-ARCH.ffsimg.
The procedure is as follows.
To modify LiveUSB, on running FuguIta LiveUSB:

    # mount -uw /sysmedia
    # mount -uw /fuguita
    # sed -i.bak -e '/memfstype=/s/=mfs/=tmpfs/' /fuguita/etc/fuguita/global.conf   <-- or use your preferred editor
    # cat /fuguita/etc/fuguita/global.conf
    fuguita_sys_mb=1010 # size of media.img
    memfstype=tmpfs # 'mfs' or 'tmpfs'   <-- make sure memfstype is set to tmpfs
    mfs_max_mb=30720 # mfs hard limit - 30GB
    # mount -ur /fuguita
    # mount -ur /sysmedia
    # reboot

To generate modified ISO image, on running FuguIta LiveUSB or LiveDVD:

    # cd /
    # pax -rwpe sysmedia WORKDIR   <-- WORKDIR is the directory that can have the capacity more than about 2GB
    # cd WORKDIR/sysmedia
    # vnconfig vnd0 fuguita-7.2-amd64.ffsimg
    vnd0
    # mount /dev/vnd0a /mnt
    # sed -i.bak -e '/memfstype=/s/=mfs/=tmpfs/' /mnt/etc/fuguita/global.conf   <-- or use your preferred editor
    # cat /mnt/etc/fuguita/global.conf
    fuguita_sys_mb=1010 # size of media.img
    memfstype=tmpfs # 'mfs' or 'tmpfs'   <-- make sure memfstype is set to tmpfs
    mfs_max_mb=30720 # mfs hard limit - 30GB
    # umount /mnt
    # vnconfig -u vnd0
    # remaster_dvd.sh   <-- generate ISO image
    mkhybrid 1.12b5.1
    Scanning .
    Scanning ./etc
    Size of boot image is 4 sectors -> No-emulation CD boot sector
    Total translation table size: 0
    Total rockridge attributes bytes: 1028
    Total directory bytes: 2048
    Path table size(bytes): 22
    512769 extents written (1001 Mb)
    # ls -l ..   <-- the ISO image is generated at parent directory
    total 2052114
    -rw-r--r-- 1 root wheel 1050150912 Dec 18 06:13 FuguIta-7.2-amd64-202212181.iso
    drwxr-xr-x 3 root wheel 512 Oct 22 17:09 sysmedia

When booting with modified media, size of tmpfs is prompted.

    available memory: 239M
    Enter tmpfs size (0M is auto).
    You can add suffix K, M, or G.
    % is a percentage of memory size.
    and %% is a percentage of the total memory and swap.
    otherwise considered "megabytes"
    [default: 0M] ->
    set tmpfs size to 0MB

With the procedures described above, you can use FuguIta with TMPFS. Note, however, that TMPFS is not completely stable. TMPFS may cause a kernel panic when it is being heavily paged out and in. For example, this problem can be reproduced by executing the following test script.

    #!/bin/sh

    # test directory located in tmpfs
    #
    testdir=/ram  # in case of FuguIta

    cd "$testdir" || exit 1
    df -h
    swapctl -lk

    blk=64  # block size of dd write in MB
    i=1
    # loop while the capacity of /ram is below 95% (numeric comparison)
    while [[ $(df -h | awk '$6 ~ /\/ram$/ { print 0+$5 }') -lt 95 ]]; do
        echo "====trying ${i}*${blk}MB ===="
        dd if=/dev/zero of=zerofill_${i} bs=1m count=$blk || break
        df -h
        swapctl -lk
        i=$((i+1))
    done

Former articles are at FuguIta/BBS/12.