[Bug 260138] TPM2 Support in bootloader / kernel in order to retrieve GELI passphrase

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 18 Apr 2025 18:58:29 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260138

Roberto Aguilar <r@rreboto.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |r@rreboto.com

--- Comment #5 from Roberto Aguilar <r@rreboto.com> ---
I'm interested in the TPM2-based functionality in this patch and am curious if
it could be applied to supply the secret to a ZFS root filesystem using native
encryption [1].

While it is possible to put ZFS on top of a GELI-encrypted filesystem, one of
the main reasons I'm looking to get native ZFS encryption is to be able to send
the encrypted filesystem over the wire to a remote system.  This would give me
offsite backups to a remote system that doesn't need to know the encryption
key.

Thanks!

[1] https://www.zfshandbook.com/docs/security/encryption/
[2] https://forums.freebsd.org/threads/howto-geli-zfs-for-whole-system-inc-root-with-boot-from-usb-stick.2775/
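The property the comment is after (an offsite host that stores the dataset but never holds the key) depends on sending the dataset as a raw stream; a non-raw send decrypts locally and the remote side would receive plaintext. The script below is an added example, not code from the bug report, the patch under discussion or the FreeBSD project. It assembles the raw-send pipeline and the key-load command so they can be inspected before anything runs; the dataset, snapshot, host and key-file names are placeholders, and the key-file path is whatever a TPM-unseal step on the source host would write to, which this example assumes rather than implements.

```shell
#!/bin/sh
# Added example (not from the bug report or FreeBSD): raw send of a natively
# encrypted ZFS dataset to a backup host that never needs the key.

# Source side. 'zfs send -w' (--raw) streams the blocks exactly as stored,
# still encrypted; without -w the stream is decrypted locally first.
raw_send_cmd() {
    printf 'zfs send -w %s' "$1"
}

# Backup side. A raw stream is received as-is; no key is loaded there, and
# '-u' leaves the received dataset unmounted (it could not be mounted anyway
# without the key).
recv_cmd() {
    printf 'ssh %s zfs receive -u %s' "$1" "$2"
}

# Whole pipeline as a string, so an operator can review it before running.
# Usage: backup_pipeline <snapshot> <host> <target-dataset>
backup_pipeline() {
    printf '%s | %s\n' "$(raw_send_cmd "$1")" "$(recv_cmd "$2" "$3")"
}

# Key loading on the source host. The file path is an assumption standing in
# for wherever a TPM2 unseal step deposits the passphrase; the key is never
# part of the send stream itself.
load_key_cmd() {
    printf 'zfs load-key -L file://%s %s' "$1" "$2"
}

# Check that the source dataset really is encrypted before sending: a raw send
# of an unencrypted dataset protects nothing. Prints the 'encryption'
# property value ("off" means plaintext). Requires zfs on this host.
encryption_property() {
    zfs get -H -o value encryption "$1"
}

# Execute the pipeline only when zfs is actually present; otherwise just show
# what would have run. Usage: run_backup <snapshot> <host> <target-dataset>
run_backup() {
    if ! command -v zfs >/dev/null 2>&1; then
        echo "zfs not available; would run: $(backup_pipeline "$@")" >&2
        return 2
    fi
    eval "$(backup_pipeline "$@")"
}
```

Inspecting `backup_pipeline zroot/data@today backup.example.net backup/data` before calling `run_backup` with the same arguments is the intended workflow; the `encryption_property` check belongs before the first send, since `-w` on a dataset with `encryption=off` silently ships plaintext.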

-- 
You are receiving this mail because:
You are the assignee for the bug.