UFS Encrypted Automated Install

Polytropon freebsd at edvax.de
Tue Mar 5 23:10:04 UTC 2019

On Tue, 5 Mar 2019 16:19:13 +0100 (CET), su- at tutamail.com wrote:
> Are there any plans to have an automated encrypted  UFS install option
> in the freebsd iso's (what encryption options were available prior to zfs) 

UFS does not have a native encryption mechanism. It has to be added
by an additional layer, and GELI is the common suggestion, even though
you can also use GDBE.

More information here:


Don't be confused by the examples using the MBR slice + BSD partitions
approach. It works the same for today's disks and SSDs with GPT. :-)

You could probably do something like this: In the installer, drop to
the command line and prepare the disk. Create the partitions and set
the required flags; use "geli init", then "geli attach", and then use
newfs with options as needed. Add a label with "newfs -L" if you wish.
To check if everything works as intended, mount and umount the partition.
Then return to the installer, _not_ using "geli detach". The installer
should then be able to use /dev/ada0p1.eli as / partition.

I have not tested this particular approach (mine are usually entirely
scripted), but this should be possible with the current version of

Having a convenient option in bsdinstall to automate the tasks of preparing
(initializing and attaching) target partition(s) for a system installation
would be nice.

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list