Using GELI on boot disk with GPT labels?
Ben Lavery
ben.lavery at hashbang0.com
Sun Jan 12 16:30:29 UTC 2020
Hi all,
I've recently bought my first home server and am planning to run FreeBSD
12.1-RELEASE on it.
I would like to GELI encrypt (password based) all of the hard drives I
put into the server so that if/when they fail I can safely and
confidently dispose of them.
When setting up the server, I followed a number of recommendations to
use GPT labels for disks with a naming scheme that would allow me to
easily identify where failed disks physically are in the server (there
are 12 bays).
However, when I booted up the server after installing on an
installer-configured zpool with GELI encryption, I noted that the disk
IDs (e.g. da0p3) were being used, and this seemed to extend to disks in
different (non-root) zpools.
I decided to do an experiment in VirtualBox with FreeBSD 12.1-RELEASE:
1. To install FreeBSD on ZFS with GELI encryption
https://gist.github.com/forquare/b4e12938b1240238ef64e3d6ba5d9669
2. To install FreeBSD on ZFS without GELI
https://gist.github.com/forquare/8049282d742c94b67f08a81d828e8d13
(Links above show commands + output/details of installation)
I found that when I didn't use GELI I was able to use GPT labels;
however, when I _did_ use GELI, GPT labels were not available to me.
Is there a way to encrypt my boot pool _and_ use GPT labels?
If not, I would be interested to learn why.
Many thanks,
Ben