encrypt whole system using zfs

Roland Smith rsmith at xs4all.nl
Thu Jul 29 12:52:47 UTC 2010

On Thu, Jul 29, 2010 at 01:26:19PM +0200, Jozsi Vadkan wrote:
> With dm_crypt&lvm, i can install a Debian [in sraid1], that has only the
> mbr & the "/boot" unencrypted. 
> So if someone steals the server/hdds, it can't do anything to them.
> That's ok.

They can wipe the harddrive and re-sell the machine or parts, which is what
most thieves are interested in, I suspect.

> I'm a newbie to FreeBSD, and I want to use it in the future. I'm looking
> for these "features", that i mentioned above.

IMHO, it is a bad idea to encrypt the standard OS data and files, because this
potentially gives an attacker a lot of "known plaintext" to attack the

It is better to put your data (and only your data) on a separate partition and
encrypt that with geli(8). Also, read §18.16.2 of the FreeBSD handbook that
deals with geli encryption.

> So, if someone has a little time, can someone post just a few
> howtos/links, how to do this?

Here you go: http://www.xs4all.nl/~rsmith/unix/encryption.xhtml

R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20100729/a0d7d978/attachment.pgp

More information about the freebsd-questions mailing list