geom_eli, N disks, zfs

Pete French petefrench at ticketswitch.com
Tue Sep 22 10:37:07 UTC 2009


> Is there any better way to configure a system to encrypt N disks with a passphrase for use under zfs than writing the following in loader.conf:

I use a very short separate partition as the keyfile, decrypt that
once and then use it to decrypt the others. My rc.conf looks like
this:

	geli_autodetach="NO"
	geli_devices="ad4s1e ad6 ad8"
	geli_ad6_flags="-p -k /dev/ad4s1e.eli"
	geli_ad8_flags="-p -k /dev/ad4s1e.eli"

which is a bit shorter than yours :-) ad4s1 is 5 sectors (i.e. 2560
bytes) hence ad4s1.eli is 2048 bytes. I initialised it with random
data before encrypting the other discs and I keep a backup of
the 4 sectors elsewhere just in case...

-pete.
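
A check for the chained-keyfile layout described in the message above, as an added example that is not part of the original post. It assumes the rc script attaches providers in the order they appear in geli_devices and names the flags variable geli_<device>_flags with "/" replaced by "_"; the function name check_geli_chain and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample mirroring the rc.conf lines quoted in the post.
SAMPLE_RC='geli_autodetach="NO"
geli_devices="ad4s1e ad6 ad8"
geli_ad6_flags="-p -k /dev/ad4s1e.eli"
geli_ad8_flags="-p -k /dev/ad4s1e.eli"'

# check_geli_chain RC_TEXT
# For every device in geli_devices, find "-k /dev/<prov>.eli" in its flags and
# verify <prov> is listed earlier, so the decrypted key provider exists by the
# time the dependent disk is attached. Prints one line per problem and
# returns 0 only when no problem was found.
check_geli_chain() {
    rc_text=$1
    devices=$(printf '%s\n' "$rc_text" | sed -n 's/^geli_devices="\(.*\)"$/\1/p')
    [ -n "$devices" ] || { echo "no geli_devices line"; return 1; }
    seen=""
    problems=0
    for dev in $devices; do
        # Assumption: flags variable is geli_<dev>_flags with "/" mapped to "_".
        var="geli_$(printf '%s' "$dev" | tr '/' '_')_flags"
        flags=$(printf '%s\n' "$rc_text" | sed -n "s/^${var}=\"\(.*\)\"\$/\1/p")
        set -- $flags
        while [ $# -gt 0 ]; do
            if [ "$1" = "-k" ] && [ $# -ge 2 ]; then
                key=$2
                case $key in
                /dev/*.eli)
                    prov=${key#/dev/}
                    prov=${prov%.eli}
                    case " $seen " in
                    *" $prov "*) ;;   # key provider attached earlier: fine
                    *)  echo "$dev: keyfile $key is not attached before $dev"
                        problems=$((problems + 1)) ;;
                    esac ;;
                esac
                shift
            fi
            shift
        done
        seen="$seen $dev"
    done
    [ "$problems" -eq 0 ]
}

check_geli_chain "$SAMPLE_RC" && echo "key chain order OK"
```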

