I'm experimenting with geli encryption on a spare laptop.
I've activated ZFS root encryption from the FreeBSD installer.
I'm using a french keyboard layout.
After POST, Geli prompts me for the passphrase with a US keyboard layout. That's annoying.
I've set the...
Hello! Could you help me to get ahead in solving the problem installation of FreeBSD12.2 with GELI encrypt?
My installation steps:
SSD (ada0) - system will install here
# gpart destroy -F ada0
# gpart create -s gpt ada0
HDD (ada1) - data disk
# gpart destroy -F ada1
# gpart create -s gpt ada1...
I've set up remote VPS systems with GELI disk encryption, including swap encryption, during FreeBSD 12.2 installation.
I've locked down SSH quite securely too so I presume now when remoting in, security is reasonably assured.
I want to address the possibility that within the VPS terminal's web...
I have a drive that has been sitting around for quite some time. I have tried multiple SATA USB adapters to no avail. When attempting to decrypt the device with GELI, I get this:
geli: Cannot read metadata from da0: Invalid argument.
geli: There was an error with at least one provider.
My system is encrypted with GELI and uses the AUTOZFS partition schema. I can successfully boot up without issues.
I would like to make a backup system that boots up with a USB key, and then after booted, I will remove the USB key. The backup system is completely headless, but if needed, I...
Just installed in VM FreeBSD on geli encrypted ZFS. All went well however after installing Xorg password prompt is hidden behind splash screen so no way to enter password.
Unfortunately there is nothing to unset at boot prompt (option 3). I could just remove splash picture from single...
The March/April 2020 edition of the FreeBSD Journal reports that native ZFS encryption is on its way to FreeBSD. Thank you, developers! No more need for stuffing ZFS pools inside GELI containers :)
And here was me thinking that having repartitioned my latop to use 12.1 with the fancy new UEFI...
I'm getting a little uncomfortable in my current situation:
FreeBSD 11.3, using zfs. I just did a reboot because of some adjustments and after attaching every HDD to geli and mounting my 'tank0' the performance drops to unusable levels, mounting the pool itself takes ~1 minute. Right...
From reading other posts, it looks like a UEFI + GELI + ZFS root system should be possible with 12.1. I used both the -b and the -g flags when setting up GELI, but I'm not even prompted for a password at boot. It looks like there might be an error, but it flashes by so quickly I can't read it...
I'm trying to set up a new system using EFI + GELI + UFS2 + encrypted root, with GELI configured to use AES-XTS 256 and HMAC/SHA256. After dding over areas of the disk (start/end, to set up initial HMACs) and then newfsing, I noticed that GELI was not using hardware crypto, but software. After...
I have two similar systems I'm testing as database hardware. Both consist of 8x Samsung 860 Pro SSD's attached to LSI9003-8i, 256GB ram, equal chassis/backplane. The only variance is one server is an Epyc 7371, and the other a Xeon Gold 6130. Some snippets to get the lay of the land, first the...
I have two drives which are both geli encrypted and have the same partition scheme.
I added both to an zfs mirror pool and created some smaller partitions in that pool.
After a reboot im facing these problems:
I can decrypt both drives, but only the first decrypted is shown as online and the...
I have a laptop with FreeBSD on encrypted ZFS. When I try to load with FreeBSD USB stick I always asked for geli passphrase. What is the strange behavior?? It is boot USB drive, isn't it? And if I wish to make a clean FreeBSD install? Tried with nomadBSD - all the same, tried with Arch...
How can I do that?
user@serv:~ % l /dev/mirror/mirror
119 crw-r----- 1 root operator - 0x77 Aug 8 14:01:02 2019 /dev/mirror/mirro
geli_mfid0p8_flags="-p -k /root/1.key"
geli_mirror_flags="-p -k /root/2.key"
mirror/mirror does not work as well.
First time, I have the following error.
user@hpv3:/root % sudo dd if=/dev/random of=/root/data1.key bs=64 count=1
1+0 records in
1+0 records out
64 bytes transferred in 0.000215 secs (297142 bytes/sec)
user@hpv3:/root % sudo geli init -s 4096 -K /root/da2.key /dev/mfid0p8
Enter new passphrase...
Hello! I have FreeBSD 12 installation with GELI encrypted ZFS root partition (created automatically from the installer). But now, my HW died and I need to import and mount the root filesystem as external disk. How can I mount this GELI encrypted ZFS root partition manually please?
Note: In the...
I'm installing FreeBSD 12.0-Release and I'm using the Shell option in the installer to partition my disk by hand.
I have a swap and a root partition. I'm using GPT label to label them, and GELI for the encryption.
After completing the installation and rebooting the host, I'm asked for...
I have a box with FreeBSD 11.1-STABLE r326098 amd64. It have a ZFS root on GELI encrypted providers:
scan: none requested
NAME STATE READ WRITE CKSUM
bootpool ONLINE 0 0 0...
Using a live media, I have taken a dd image of my main encrypted zfs GELI FreeBSD partition (not the entire disk) and of the encrypted key file as well.
The dd image and the encrypted file are on an external disk now.
Now I started FreeBSD normally, I did mdconfig and did a geli attach of the dd...
Can someone clarify how to use removable flash drive with encryption key with new full disc encryption process?
The new approach is to encrypt /boot altogether with /root filesystem.
So, as I understand, initial encryption performed by EFI loader.
Is there a way to pass keyfile to EFI loader...