geli encryption

I have a zfs pool which was originally setup as encrypted. Due to some hardware errors I replaced an encrypted member with its unencrypted counterpart. In other words: zpool replace zroot /dev/ada0p4.eli /dev/ada0p4. A second drive was also replaced and so I now have this: [root@vhost03 ~...

Hi, When on certain pools or datasets large files will be stored, it can be an advantage to use a larger recordsize of 1M in ZFS. Suppose the pool is encrypted by GELI, would it be better or worse to align the sectorsize of GELI with the recordsize of ZFS? In general i see GELI sectorsizes of...

Intro: Hi, I'm about to switch to FreeBSD for main dailly desktop usage, and I'm concerned about my data and slightly about performance. Context: My machine is 64bit and i know (based on what I've read online) that, SHA-512 is faster than SHA-256 on a 64bit system. Goal: So, i was wondering if...

I've just had a "wonderful" time thanks to whoever maintains zfs - after doing a zpool upgrade, it told me to do It didn't even tell me that this will break my EFI boot. Granted, I was stupid to simply believe what I read and to do it anyway, since it says "mbr" in there. Here comes the...

Hi People, using freebsd you can encrypt the system pool zroot. But then you have to enter the passphrase on each boot-up. Please, excuse that I do not know that much about geli and the boot up mechanisms in freebsd. I am still learning. As far as I know you can use key files to attach a geli...

Hi people, on one of my storage servers (12 spin disks), I run geli with AES CBC encryption due to prevent physical data hijacking by evil data center personel ;). As far as I know AES CBC is slower than AES XTC. How ever, I would like to ask you about your performance experience regarding...

I saw that 13.0-RELEASE came out and so I decided to take the opportunity to move my server from CentOS back to freebsd (I was previously a longtime user of FreeBSD but I switched a while back for reasons I can't quite remember). I decided during installation that I would like to encrypt my...

Hello, Just installed in VM FreeBSD on geli encrypted ZFS. All went well however after installing Xorg password prompt is hidden behind splash screen so no way to enter password. Unfortunately there is nothing to unset at boot prompt (option 3). I could just remove splash picture from single...

Hey all, I'm getting a little uncomfortable in my current situation: FreeBSD 11.3, using zfs. I just did a reboot because of some adjustments and after attaching every HDD to geli and mounting my 'tank0' the performance drops to unusable levels, mounting the pool itself takes ~1 minute. Right...

Hi, I have tried with both Mate and KDE, but it looks like there is no automatism to mount encrypted volumes. Something like LUKS volumes automount on Linux. It shows a nice dialog box asking for the password and then does all its things. I have a usb "data disk" that I insert when needed, so it...

I have got a FreeBSD system that I use as Samba server. It has only one partition. I'd like to split it into two partitions with os and data and encrypt the data partition with Geli. As I understand, I cannot shrink the partition? So, if I mount the disk on another system, cp -rp the disk...

I have two drives which are both geli encrypted and have the same partition scheme. I added both to an zfs mirror pool and created some smaller partitions in that pool. After a reboot im facing these problems: I can decrypt both drives, but only the first decrypted is shown as online and the...

Since this is not a hard technical question it was placed in off-topic. Please let me know if I should move it. When using geli encryption on larger ZFS machines, it would seem practical to have all of the disks share the same master key so that the administrator would not have to enter a...

I have 4 disks in a RAIDZ with geli encryption. I'm currently running FreeNAS 11.2. I'm posting here because their forum doesn't have a great reputation. One of them has been having issues so I decided to pull it and run a quick test to verify things. without thinking I decided to offline the...

I encrypted a partition with geli using the directions in the FreeBSD handbook. Currently, I am asked for a password at boot, and I can use the encrypted partition, which is not mounted as root. Is it possible for me to disable this automatic geli attach so that I can do it manually after boot...

I want to setup full-disk encryption on ZFS. Which method is better for doing that - gdbe or geli? Which encryption tool is better for encrypting swap and which is better for encrypting single partitions? Which tool has better compatibility with Linux - gdbe or geli? Which tool provides better...

I have been using freenas 11.1 and I posted on the freenas forums the following I had a RaidZ volume with 4 drives and after detaching the volume I am not able to import the volume. I am getting and error (the following disks failed to attach). I did some looking and I found out that I have 2...

Hello there, just started to explore encryption in FreeBSD and got some questions. Trying to add encrypted partition on FreeBSD10.3 GELI/Blowfish-CBC. AES on / and /swap works fine, but I can't add an additional encrypted partition using Blowfish. Here is the way I did it: # mount -o exec...

Hello, I am writing a driver for PCI crypto card. The driver supports both synch and asynch mode. Problem is when offloading auth+cipher(chained) operations to hardware with geli when driver is in asynch mode. Either writes or reads are always going bad. newfs throws the error "newfs: can't...

PROS: Tow OSes taking full advantage of machine resources CONS: Missing share data capabilities but it is an upcoming fix. So far so good, dual booting Windows 7 and FreeBSD by taking full advantage of the machine resources. The mix involves hosting the FreeBSD root partition on same hard...