Using GELI on boot disk with GPT labels?

Ben Lavery ben.lavery at
Sun Jan 12 16:30:29 UTC 2020

Hi all,

I've recently bought my first home server and am planning to run FreeBSD 
12.1-RELEASE on it.

I would like to GELI encrypt (password based) all of the hard drives I 
put into the server so that if/when they fail I can safely and 
confidently dispose of them.

When setting up the server, I followed a number of recommendations to 
use GPT labels for disks with a naming scheme that would allow me to 
easily identify where failed disks physically are in the server (there 
are 12 bays).
However, when I booted up the server after installing on an installer 
configured zpool with GELI encryption, I noted that the disk IDs (e.g. 
da0p3) was being used, and this seemed to extend to disks in different 
(non-root) zpools.

I decided to do an experiment in VirtualBox with FreeBSD 12.1-RELEASE:

1. To install FreeBSD on ZFS with GELI encryption

2. To install FreeBSD on ZFS without GELI

(Links above show commands + output/details of installation)

I found that when I didn't use GELI I was able to use GPT labels, 
however when I _did_ use GELI GPT labels were not available to me.

Is there a way to encrypt my boot pool _and_ use GPT labels?
If not, I would be interested to learn why.

Many thanks,

More information about the freebsd-questions mailing list