EFI GELI support ready for testers
Freddie Cash
fjwcash at gmail.com
Wed Jun 1 15:25:34 UTC 2016
On Wed, Jun 1, 2016 at 7:47 AM, Joerg Sonnenberger <joerg at bec.de> wrote:
> On Wed, Jun 01, 2016 at 04:29:16PM +0200, Wojciech Puchar wrote:
> > > It's undesirable because the whole point of ZFS is to have one ZFS
> > > volume for the whole system.
> > This sounds more like a religious dogma than anything else.
>
> If "ZFS volume" means "ZFS pool" here, it is also blatant bullshit.
> There are a lot of reasons for having more than one ZFS pool, the
> easiest being separating SSDs and HDDs for fast vs cheap storage.
>
No one is saying you can't have multiple ZFS pools in a system. For
example, there's nothing wrong with having a "system" pool where the OS is
installed (say, on SSD), and a "storage" pool where all your data goes
(say, on a dozen hard drives).

But, in order to properly support ZFS Boot Environments, you *NEED* to have
/boot as a directory on the / (root) filesystem in a ZFS pool.

When you create BEs, you snapshot and clone the root filesystem
(ideally, which includes the entire base OS install). If you have a
separate /boot partition outside of the BE, things get hairy, out-of-sync,
hard-to-manage, and cause all kinds of issues with versioning of boot
blocks, loader, kernel, modules, and OS.

If you want to encrypt a ZFS-on-root install *AND* use Boot Environments,
then you need to have a way to load the GELI stuff and access the ZFS pool
... without having a separate /boot; i.e., from the loader.

--
Freddie Cash
fjwcash at gmail.com