From nobody Sun Jun 29 14:26:59 2025 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bVWpD2fDNz60JKs; Sun, 29 Jun 2025 14:27:16 +0000 (UTC) (envelope-from asomers@gmail.com) Received: from mail-ej1-f51.google.com (mail-ej1-f51.google.com [209.85.218.51]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bVWpC1v0qz4JPF; Sun, 29 Jun 2025 14:27:15 +0000 (UTC) (envelope-from asomers@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of asomers@gmail.com designates 209.85.218.51 as permitted sender) smtp.mailfrom=asomers@gmail.com; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=freebsd.org (policy=none) Received: by mail-ej1-f51.google.com with SMTP id a640c23a62f3a-ae3703c2a8bso218360966b.0; Sun, 29 Jun 2025 07:27:15 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751207233; x=1751812033; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=5vHE4tLGxaoiPOmr/fZF0o856+nZgFJuJ24u1nWu2Q4=; b=RPabxshRwolqeXZi87zezPwOcXZH7MqZ+s/s1mGlx5NcpgaHKhiLJEZhWufgR6hyKy er0PCZl/QZX4641EDG7weFPs3wWC6wPnjSj+Og7vPUmNEjb82vx+xoXO/wMY0I/s60VF Tc8O1BotfcwGbWRFo2k08QoVhHxBMv2fkM6Ssl2RSKzAPlekJgff6Thoawo2Ueze8amY mzPJq3ZiZ8vIGT38WFEu8ikUmc1UjgUWVN1fuhXlQbWnduvn6cHD5LdgRnCk0r1qqMdq wja1N3CqX1hHuguxwLVnVtDGX26oUrFPr7AyAJLTsLUa0benrhip417/HsdDXN4W1bbc 1Neg== X-Forwarded-Encrypted: i=1; AJvYcCUgp7mLt6lGJ4JC6yjG1zP3T8rkMMn8AWQ2kuDz2+PfyH3TaBDFgD5hNJmmQ1Jm19iM3j6cinV7xD2+pMHZYoc=@freebsd.org X-Gm-Message-State: AOJu0YzpuAIYm0uHHv0RRS6yFpjKRGXpd+J/22r0s3YD2feu7zdO0+Rw Sec0KqZpt2RublKOVtJs0xaZTIDN29e7s1iYgBfYf1XNMdHTaxjWh6PSTgX4sACp/VDF6IAN0+J BJiOgDKYDOyyJMGkgu4lPt7Ah4wYkaNpNbw== X-Gm-Gg: ASbGncuTj6Mn5pWThPjEZY2URbD51ytc0Z7RyFTqZydHX3keDdnMV6Y+Jf2kqcF3G1h G5aK+7YWib0MWvX0mIESXdSwdCgTc//Y9kPMzUvWH20pzG9TVnDsu/JvtpAXg5losZ+lQm3yK9F mRawsTvHf3p8BYNq8mDa4skAU0RKjJMkQpxE1W/w4ut14= X-Google-Smtp-Source: AGHT+IEL2v9MYyJQNSgnSj12tigWaMlym4yku1jurQpScBZ0Ky8Ad0hX7SYlzVTFzvzLBOnD+ud3CFtTJJrvNTnR72E= X-Received: by 2002:a17:906:f595:b0:ad8:a329:b490 with SMTP id a640c23a62f3a-ae34fee1812mr935591566b.23.1751207232640; Sun, 29 Jun 2025 07:27:12 -0700 (PDT) List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 References: In-Reply-To: From: Alan Somers Date: Sun, 29 Jun 2025 08:26:59 -0600 X-Gm-Features: Ac12FXz5Q-v58kR5SprK3GYEyxSb-MCcJlozSFeByTqqxWPL5JK2RXcZRPnH4Tw Message-ID: Subject: Re: removing GELI from a zfs-on-root system To: freebsd-fs@freebsd.org, freebsd-current@freebsd.org Content-Type: multipart/alternative; boundary="00000000000007a00d0638b6b574" X-Spamd-Result: default: False [2.66 / 15.00]; NEURAL_SPAM_LONG(1.00)[0.999]; NEURAL_SPAM_MEDIUM(0.95)[0.947]; NEURAL_SPAM_SHORT(0.72)[0.718]; FORGED_SENDER(0.30)[asomers@freebsd.org,asomers@gmail.com]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; RWL_MAILSPIKE_GOOD(-0.10)[209.85.218.51:from]; DMARC_POLICY_SOFTFAIL(0.10)[freebsd.org : SPF not aligned (relaxed), No valid DKIM,none]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; MISSING_XM_UA(0.00)[]; FREEFALL_USER(0.00)[asomers]; RCVD_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+,1:+,2:~]; R_DKIM_NA(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[209.85.218.51:from]; FROM_NEQ_ENVFROM(0.00)[asomers@freebsd.org,asomers@gmail.com]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; TO_DN_NONE(0.00)[]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MLMMJ_DEST(0.00)[freebsd-fs@freebsd.org,freebsd-current@freebsd.org]; ARC_NA(0.00)[] X-Rspamd-Queue-Id: 4bVWpC1v0qz4JPF X-Spamd-Bar: ++ --00000000000007a00d0638b6b574 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sun, Jun 29, 2025 at 8:13=E2=80=AFAM void wrote: > Hi, > > I'd like to remove the GELI prompt/functionality from > a root-on-zfs system. How can I do this without re-initialising > the whole system? It's not a redundant array - it's just one disk. > > There are some methods turning up in a search, but from years ago, > and zfs is a fast-moving target. They're all using redundant > arrays in their examples. > > What I'm after is the latest approved/proper method to remove GELI > from the booted, unlocked, single-disk zfs system. Is this possible > in-situ? Nope. One way or another you will need to copy the entire disk. You can't just remove the encryption sector-by-sector. --00000000000007a00d0638b6b574 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Sun, Jun 29, 2025 at 8:13=E2=80=AFAM void = <void@f-m.fm> wrote:
Hi,

I'd like to remove the GELI prompt/functionality from
a root-on-zfs system. How can I do this without re-initialising
the whole system? It's not a redundant array - it's just one disk.<= br>
There are some methods turning up in a search, but from years ago,
and zfs is a fast-moving target. They're all using redundant
arrays in their examples.

What I'm after is the latest approved/proper method to remove GELI
from the booted, unlocked, single-disk zfs system. Is this possible in-situ= ?

Nope.=C2=A0 One way or another you will n= eed to copy the entire disk.=C2=A0 You can't just remove the encryption= sector-by-sector.
--00000000000007a00d0638b6b574--