uefi, geli, beadm by Ben

New About Yours API Help
1.7 KB, Plain text
Hi Benedict, Allan!

With the release of FreeBSD 11.1-RELEASE I decided once again to use Boot Environments to upgrade my machines.

On most of them I created a boot environment, mounted it on /mnt, then ran:
> freebsd-upgrade upgrade -b /mnt -r 11.1-RELEASE

After the upgrade had downloaded, I ran the following three times:
> freebsd-update install -b /mnt

Then, umounted and activated the BE, and rebooted into it.

This worked for all of my VMs, but when I came to install the upgrade on my laptop I get this:

> Installing updates...mkdir: /mnt//boot: No such file or directory
> mtree: mtree: /mnt//boot/kernel.old: No such file or directory/mnt//boot/kernel: No such file or directory
> touch: /mnt//boot/kernel.old/.freebsd-update: No such file or directory
> Could not create kernel backup directory

The only difference (other than this being real hardware) is that I have full disk encryption using GELI.

From my understanding, when GELI encryption is used the kernel is put into a separate pool: bootpool.  This is then symlinked to /boot.  So, in this scenario bootpool (therefore the kernel) isn’t part of the boot environment.  If I was to activate this boot environment and reboot into it, then upgrade I would need to create a separate snapshot of bootpool in order to switch back to 11.0-RELEASE should something go wrong…?

This doesn’t sound right to me.  Boot Environments allow us to roll back incase an update/upgrade goes wrong, and reduce the amount of downtime required by letting us upgrade the inactive Boot Environment then booting into it; so how does this work with GELI encryption?

As always, many thanks for the show and continue the great work.

All the best,
Pasted 10 months, 2 weeks ago — Expires in 49 days
URL: http://dpaste.com/2TP90HD