-- Leo's gemini proxy

-- Connecting to tilde.pink:1965...

-- Connected

-- Sending request

-- Meta line: 20 text/gemini;

2. Embedding (wifi) firmware into cgdroot init image.


I built my NetBSD system with root filesystem encryption according to the guide on unitedbsd.coms forum, which was really straight-forward and works wonderfully well.

When I tried to boot the system on my laptop, though, the wifi wouldn't work. dmesg said the driver cannot load the firmware which my wifi card needs to operate, as do many. The firmware files where all in-place, so it took me a minute to figure it out.


cgdroot and firmware


The encrypted system uses an init image for the early boot, during which the wifi init takes place. The root disk gets unlocked later on, so the firmware files are not accessible at that time, so no firmware load, no wifi. :(

Reading around for a while I found the documentation to build your own cgdroot image.


Building cgdroot


Not a lot of steps to do, see the link below for the full documentation:


check out release sources

make distribution, to build the needed tools

adapt cgdroot config, see below

build the cgdroot image and kernel module

copy the new image to /etc/cgd, the unencrypted boot filesystem.


Adapting cgdroot config


For my Intel centrino I need iwlwifi-6000g2a-5.ucode in my boot image.

To get that, I added it to /usr/src/distrib/amd64/ramdisks/ramdisk-cgdroot/list


COPY /libdata/firmware/if_iwn/iwlwifi-6000g2a-5.ucode libdata/firmware/if_iwn/iwlwifi-6000g2a-5.ucode

and for that copy to work the directory needs to exist in the image. For that I add to /usr/src/distrib/common/mtree.cgdroot


./libdata
./libdata/firmware
./libdata/firmware/if_iwn

Find a good place for both additions, I added them after the most work was done in each file.

Compile, copy, reboot, and afterwards my wifi worked. :)


I'm pretty sure this is not portable to architectures other than amd64, so the edit in distrib/common might not be the best idea if you use your sourcetree for other boxes. This is not ment to be a patch for upstream ;)


URLs


The full disk encryption guide on UnitedBSD

cgdroot documentation on NetBSD wiki


thoughts?


you can reply to my post on the fediverse or shoot me a mail


https://bsd.network/@pickles/107451138962021341

pickles@tilde.pink


> $Id: 2_cgdroot_with_firmware.gmi,v 1.3 2021/12/21 14:37:53 pickles Exp $

-- Response ended

-- Page fetched on Sun May 19 17:49:46 2024