FreeBSD 10 RELEASE amd64 how to install on single drive with encrypted ZFS root?

[dweimer]

On 03/07/2014 3:28 am, Matthew Seaman wrote:
> On 03/07/14 08:10, David Christensen wrote:
>> The FreeBSD manual covers 9 and the wiki "Root on ZFS" article covers 
>> 8.
>> 
>> STFW I've found several things for 9, but no direct hits for 10 with
>> encrypted ZFS root.  (There is a Flash video that might cover it, but 
>> I
>> don't do Adobe.)
> 
> The 10.0 installer does ZFS natively, which is why you can't find any
> instructions on how to set up ZFS manually on that platform.
> 
> However, to set up an encrypted root, you'll need to set up the
> encrypted partition with geli and then set up your ZFSes on top of 
> that.
> Which is basically a manual job.
> 
> You can follow the instructions here:
> 
>    https://wiki.freebsd.org/RootOnZFS/GPTZFSBoot/9.0-RELEASE
> 
> except that after item (7) -- gnop -- you'll need to insert creating
> your encrypted partitions and then modify the subsequent bits to refer
> to the /dev/gpt/foo.eli devices you create.  As far as ZFS goes, the
> sequence is essentially the same for 9.0 as for 10.0 except that
> wherever it says to use lzjb, you should substitute lz4.
> 
> 	Cheers,
> 
> 	Matthew

Actually, when using the 10 installer after you select ZFS install, you 
get an options screen that allows you to configure it to use encryption.

Full options configurable are as follows:
Pool Type/Disks
Poll Name
Force 4k Sectors
Encrypt Disks
Partition Scheme
Swap Size

I did a test install in vmware with the encryption options with no 
problems.  However I did end up choosing the manual method when I did my 
laptop setup for one simple reason.  I wanted to understand it fully in 
case I ran into a boot issue down the road and needed to go through a 
recovery process, and couldn't think of a better to know I understood it 
better than manually doing the setup.

-- 
Thanks,
    Dean E. Weimer
    http://www.dweimer.net/