geli encryption

Title: zpool name change from default (Causes Errors post_install), Virtualized in VirtualBox 7.0 Debian-12.1.0-amd64 - FreeBSD 14.0-RELEASE-amd64 Guest O/S Hey everyone! My production server has been offline for over 1 year now due to unlawful Compromising. (Besides that _Fact_), I am...

Hi! I have a problem with resuming, after one more upgrade to newer sources. System version: FreeBSD bsdlap 14.0-STABLE FreeBSD 14.0-STABLE #0 stable/14-n265656-4671836d7ba3: Sat Oct 28 13:44:15 CEST 2023 root@bsdlap:/usr/obj/usr/src/amd64.amd64/sys/MINI amd64 After resuming system seems...

I have been testing my setup on an Oracle Virtual Box, Virtual Machine Manager, and VMware with EFI turned on. I have continued FreeBSD setup up to the Partitioning step, then selected shell and entered the following, # sysctl kern.disks # gpart destroy -F ada0 # gpart create -s gpt ada0 #...

My goal was to install FreeBSD with GELI and ZFS alongside of currently installed Windows 10. I am testing it on an Oracle Virtual Box with EFI turned on. I have continued FreeBSD setup up to the Partitioning step, then selected shell and entered the following, gpart add -t freebsd-swap -s...

I have a zfs pool which was originally setup as encrypted. Due to some hardware errors I replaced an encrypted member with its unencrypted counterpart. In other words: zpool replace zroot /dev/ada0p4.eli /dev/ada0p4. A second drive was also replaced and so I now have this: [root@vhost03 ~...

Hi, When on certain pools or datasets large files will be stored, it can be an advantage to use a larger recordsize of 1M in ZFS. Suppose the pool is encrypted by GELI, would it be better or worse to align the sectorsize of GELI with the recordsize of ZFS? In general i see GELI sectorsizes of...

Intro: Hi, I'm about to switch to FreeBSD for main dailly desktop usage, and I'm concerned about my data and slightly about performance. Context: My machine is 64bit and i know (based on what I've read online) that, SHA-512 is faster than SHA-256 on a 64bit system. Goal: So, i was wondering if...

I've just had a "wonderful" time thanks to whoever maintains zfs - after doing a zpool upgrade, it told me to do It didn't even tell me that this will break my EFI boot. Granted, I was stupid to simply believe what I read and to do it anyway, since it says "mbr" in there. Here comes the...

Hi People, using freebsd you can encrypt the system pool zroot. But then you have to enter the passphrase on each boot-up. Please, excuse that I do not know that much about geli and the boot up mechanisms in freebsd. I am still learning. As far as I know you can use key files to attach a geli...

Hi people, on one of my storage servers (12 spin disks), I run geli with AES CBC encryption due to prevent physical data hijacking by evil data center personel ;). As far as I know AES CBC is slower than AES XTC. How ever, I would like to ask you about your performance experience regarding...

I saw that 13.0-RELEASE came out and so I decided to take the opportunity to move my server from CentOS back to freebsd (I was previously a longtime user of FreeBSD but I switched a while back for reasons I can't quite remember). I decided during installation that I would like to encrypt my...

Hello, Just installed in VM FreeBSD on geli encrypted ZFS. All went well however after installing Xorg password prompt is hidden behind splash screen so no way to enter password. Unfortunately there is nothing to unset at boot prompt (option 3). I could just remove splash picture from single...

Hey all, I'm getting a little uncomfortable in my current situation: FreeBSD 11.3, using zfs. I just did a reboot because of some adjustments and after attaching every HDD to geli and mounting my 'tank0' the performance drops to unusable levels, mounting the pool itself takes ~1 minute. Right...

Hi, I have tried with both Mate and KDE, but it looks like there is no automatism to mount encrypted volumes. Something like LUKS volumes automount on Linux. It shows a nice dialog box asking for the password and then does all its things. I have a usb "data disk" that I insert when needed, so it...

I have got a FreeBSD system that I use as Samba server. It has only one partition. I'd like to split it into two partitions with os and data and encrypt the data partition with Geli. As I understand, I cannot shrink the partition? So, if I mount the disk on another system, cp -rp the disk...

I have two drives which are both geli encrypted and have the same partition scheme. I added both to an zfs mirror pool and created some smaller partitions in that pool. After a reboot im facing these problems: I can decrypt both drives, but only the first decrypted is shown as online and the...

Since this is not a hard technical question it was placed in off-topic. Please let me know if I should move it. When using geli encryption on larger ZFS machines, it would seem practical to have all of the disks share the same master key so that the administrator would not have to enter a...

I have 4 disks in a RAIDZ with geli encryption. I'm currently running FreeNAS 11.2. I'm posting here because their forum doesn't have a great reputation. One of them has been having issues so I decided to pull it and run a quick test to verify things. without thinking I decided to offline the...

I encrypted a partition with geli using the directions in the FreeBSD handbook. Currently, I am asked for a password at boot, and I can use the encrypted partition, which is not mounted as root. Is it possible for me to disable this automatic geli attach so that I can do it manually after boot...

I want to setup full-disk encryption on ZFS. Which method is better for doing that - gdbe or geli? Which encryption tool is better for encrypting swap and which is better for encrypting single partitions? Which tool has better compatibility with Linux - gdbe or geli? Which tool provides better...