eli encrypted providers for zfs raidz1

Marco Steinbach coco at executive-computing.de
Mon Nov 19 02:27:25 UTC 2018


On Sun, 18 Nov 2018 01:00:11 -0500
"Kevin P. Neal" <kpn at neutralgood.org> wrote:

> On Sat, Nov 17, 2018 at 11:08:09PM +0100, Marco Steinbach wrote:
> > I think I'll start by looking at how encrypted swap is mounted --
> > since, oddly, I have 11.2 occasionally ask me again for the eli
> > swap providers passphrase during boot from an encrypted zroot. The
> > system was installed using the encrypted swap and zroot option of
> > the installer.
> 
> I thought encrypted swap was considered not a good idea. Am I wrong
> that it can, in some circumstances, result in deadlocks in low RAM
> situations?
> 

Putting swap on an encrypted ZVOL might end the system up in a deadlock
according to https://wiki.freebsd.org/ZFSQuickStartGuide -- I am
running my swap off of a separate swap partition.


For reference, I also wanted crashdumps to work with my encrypted swap
partition, and was pleasantly surprised that all I needed to do was
add 'late' to the eli swap fstab entries' options, and then point
dumpdev to the underlying partition.  I panicked the system using
debug.kdb.panic, and after rebooting, my crashdump sat in /var/crash.

Since this leaks a lot of unencrypted information to the swap
partition, I'll only enable this if I really need it.

MfG CoCo
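
Added example, not part of the original message or of FreeBSD itself: a small audit check for the configuration described above, reporting when dumpdev in an rc.conf-format file targets the plaintext partition underneath a .eli swap entry in an fstab-format file. The function names, status words and the sample device name ada0p3 are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag a dumpdev that targets the plaintext partition under a
# geli (.eli) swap entry. Paths are arguments so copies can be audited.

# Backing partitions of every .eli swap line in an fstab-format file.
eli_swap_backing() {
    awk '$1 !~ /^#/ && $3 == "swap" && $1 ~ /\.eli$/ {
             sub(/\.eli$/, "", $1); print $1 }' "$1"
}

# Last dumpdev value in an rc.conf-format file, quotes and comments removed.
rc_dumpdev() {
    sed -n 's/^[[:space:]]*dumpdev=//p' "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"'"
}

# Prints one status line: UNSET, OFF, REVIEW, LEAK <dev> or OK <dev>.
audit_dumpdev() {
    dev=$(rc_dumpdev "$2")
    case $dev in
        "") echo "UNSET"; return 0 ;;                 # not set in this file
        [Nn][Oo]) echo "OFF"; return 0 ;;             # crash dumps disabled
        [Aa][Uu][Tt][Oo]) echo "REVIEW"; return 0 ;;  # device chosen at boot
        /*) ;;
        *) dev="/dev/$dev" ;;                         # normalise a bare name
    esac
    for backing in $(eli_swap_backing "$1"); do
        if [ "$dev" = "$backing" ]; then
            echo "LEAK $dev"; return 0   # dump lands unencrypted on disk
        fi
    done
    echo "OK $dev"
}

# Constructed sample files (the device name is made up for the demo).
run_constructed_sample() {
    tmp=$(mktemp -d)
    printf '%s\n' '# Device Mountpoint FStype Options Dump Pass#' \
        '/dev/ada0p3.eli none swap sw,late 0 0' > "$tmp/fstab"
    printf '%s\n' 'zfs_enable="YES"' 'dumpdev="/dev/ada0p3"' > "$tmp/rc.conf"
    audit_dumpdev "$tmp/fstab" "$tmp/rc.conf"
    rm -rf "$tmp"
}

run_constructed_sample   # prints: LEAK /dev/ada0p3
```

A REVIEW result means the file alone does not say which device is used; `dumpon -l` on the running system shows the active dump device.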

