geli - is it better to partition then encrypt, or vice versa ?
Pete French
petefrench at ingresso.co.uk
Sun Apr 18 07:32:03 UTC 2021
On 17/04/2021 21:18, Karl Denninger wrote:
> This also makes "geli groups" trivial in /etc/rc.conf for attachment at
> boot time irrespective of whether they physically come up in the same
> place (again typically yes, but in the case of a failure or you plug it
> into a different adapter.....)
Ah, now this interests me. Because I was setting a variable called
'geli_devices=' in /etc/rc.conf to contain all my drives. But then one
day I forgot to add one and it worked anyway, and then I subsequently
discovered it works even if I dont have that variable at all, so I no
longer bother. Never looked into why I dont need it - I suspected it was
because all the devices are marked as requiring a password at boot time
so it found them via searching for that without needing the variable.
But yes, the GPT labelling thing is a very good reason for keeping them
partitioned on a physical machine.
-pete.
More information about the freebsd-stable
mailing list