I'm looking to implement a way to optionally auto-decrypt a single drive system at boot. The flow would be like this:
Install FreeBSD, one disk, use GELI encryption
Login, create a key: /root/quick-boot-with-no-password.key
Create a reboot/shutdown script that offers two option: reboot with...
I've been using ZFS encrypted datasets pretty much since the first day of availability. On this forum and also the mailing lists I see a lot of people running ZFS "on top of" GELI.
I'd like to ask: Is that usually more of a legacy thing or are there situations where one would prefer ZFS on GELI...
I had a setup with 4x4 TB disks, with two mirrors consisting of two disks each, giving me about 8 TB of usable storage space. One mirror consists of ada0 & ada2, the other mirror of ada1 & ada3.
I needed to upgrade storage space, so I decided to upgrade one mirror by resilvering two times. I...
In a fresh installed FreeBSD 13 with ZFS/GELI, When I reboot or power on the system, I get the following error after entering the storage password.
GELI Passphrase for disk0p4:
Calculating GELI Decryption Key for disk0p4: 2224665 iterations...
zio_read error: 45
zio_read error: 45...
I need to create a Encrypted Volume, backup it and transfer to another FreeBSD machine without SSH access.
I was successful in doing this, but I don't know if I do it the best way. If there is a better way,, please let me know.
1 - First I create de zroot Volume
$ zfs create -V 1g...
I'm experimenting with geli encryption on a spare laptop.
I've activated ZFS root encryption from the FreeBSD installer.
I'm using a french keyboard layout.
After POST, Geli prompts me for the passphrase with a US keyboard layout. That's annoying.
I've set the...
Hello! Could you help me to get ahead in solving the problem installation of FreeBSD12.2 with GELI encrypt?
My installation steps:
SSD (ada0) - system will install here
# gpart destroy -F ada0
# gpart create -s gpt ada0
HDD (ada1) - data disk
# gpart destroy -F ada1
# gpart create -s gpt ada1...
I've set up remote VPS systems with GELI disk encryption, including swap encryption, during FreeBSD 12.2 installation.
I've locked down SSH quite securely too so I presume now when remoting in, security is reasonably assured.
I want to address the possibility that within the VPS terminal's web...
I have a drive that has been sitting around for quite some time. I have tried multiple SATA USB adapters to no avail. When attempting to decrypt the device with GELI, I get this:
geli: Cannot read metadata from da0: Invalid argument.
geli: There was an error with at least one provider.
My system is encrypted with GELI and uses the AUTOZFS partition schema. I can successfully boot up without issues.
I would like to make a backup system that boots up with a USB key, and then after booted, I will remove the USB key. The backup system is completely headless, but if needed, I...
Just installed in VM FreeBSD on geli encrypted ZFS. All went well however after installing Xorg password prompt is hidden behind splash screen so no way to enter password.
Unfortunately there is nothing to unset at boot prompt (option 3). I could just remove splash picture from single...
The March/April 2020 edition of the FreeBSD Journal reports that native ZFS encryption is on its way to FreeBSD. Thank you, developers! No more need for stuffing ZFS pools inside GELI containers :)
And here was me thinking that having repartitioned my latop to use 12.1 with the fancy new UEFI...
I'm getting a little uncomfortable in my current situation:
FreeBSD 11.3, using zfs. I just did a reboot because of some adjustments and after attaching every HDD to geli and mounting my 'tank0' the performance drops to unusable levels, mounting the pool itself takes ~1 minute. Right...
From reading other posts, it looks like a UEFI + GELI + ZFS root system should be possible with 12.1. I used both the -b and the -g flags when setting up GELI, but I'm not even prompted for a password at boot. It looks like there might be an error, but it flashes by so quickly I can't read it...
I'm trying to set up a new system using EFI + GELI + UFS2 + encrypted root, with GELI configured to use AES-XTS 256 and HMAC/SHA256. After dding over areas of the disk (start/end, to set up initial HMACs) and then newfsing, I noticed that GELI was not using hardware crypto, but software. After...
I have two similar systems I'm testing as database hardware. Both consist of 8x Samsung 860 Pro SSD's attached to LSI9003-8i, 256GB ram, equal chassis/backplane. The only variance is one server is an Epyc 7371, and the other a Xeon Gold 6130. Some snippets to get the lay of the land, first the...
I have two drives which are both geli encrypted and have the same partition scheme.
I added both to an zfs mirror pool and created some smaller partitions in that pool.
After a reboot im facing these problems:
I can decrypt both drives, but only the first decrypted is shown as online and the...
I have a laptop with FreeBSD on encrypted ZFS. When I try to load with FreeBSD USB stick I always asked for geli passphrase. What is the strange behavior?? It is boot USB drive, isn't it? And if I wish to make a clean FreeBSD install? Tried with nomadBSD - all the same, tried with Arch...
How can I do that?
user@serv:~ % l /dev/mirror/mirror
119 crw-r----- 1 root operator - 0x77 Aug 8 14:01:02 2019 /dev/mirror/mirro
geli_mfid0p8_flags="-p -k /root/1.key"
geli_mirror_flags="-p -k /root/2.key"
mirror/mirror does not work as well.
First time, I have the following error.
user@hpv3:/root % sudo dd if=/dev/random of=/root/data1.key bs=64 count=1
1+0 records in
1+0 records out
64 bytes transferred in 0.000215 secs (297142 bytes/sec)
user@hpv3:/root % sudo geli init -s 4096 -K /root/da2.key /dev/mfid0p8
Enter new passphrase...