Heres how to change the geli password for encrypted zfs root partition
find the root partition
ls /dev/ | grep eli
because i have an encrypted root and swap partition this returns 2 partitions
ada0p4.eli and ada0p5.eli
so we need to check /etc/fstab to see which partition is the swap and...
Hello, FreeBSD community.
I need help with booting from an encrypted partition. Until now, my EFI machine booted from an unencrypted ZFS, while the rest of the system resided on an encrypted ZFS. The layout was like this:
|- /dev/ada0p1 (efi, 800k)
I set up my FreeBSD-desktop nearly a year ago but with unencrypted disks (please don't ask…).
Now I am in the need to encrypt at least the home directory of my user. What would be the best way to do that without reinstalling my system?
I have two disks in one zpool-mirror taking up the whole...
I am setting up a FreeBSD file server with encrypted storage. The root filesystem is on ZFS and the storage disks are encrypted with GELI with ZFS on top of that.
Now I want to make it easy for both me and my wife to mount the pool using a password after the server boots. I have created...
FreeBSD 11.1 i386
I have compiled and installed openssl from ports, so there are:
a) /usr/bin/openssl (OpenSSL 1.0.2k-freebsd 26 Jan 2017) with /lib/libcrypto.so.8, /usr/lib/libssl.so.8
b) /usr/local/bin/openssl (OpenSSL 1.0.2n 7 Dec 2017) with /usr/local/lib/libcrypto.so.9...
I'm new to FreeBSD and learning about geli encryption. I've setup a system using the FreeBSD 11.1 installer. The storage setup is 4x 6TB disks using zfs. Using the installer I chose a RAID 1+0 setup (using all four disks), with full-disk encryption.
The installer created 2 zfs pools...
Does, or will, GELI support anything similar to the "AF-Splitter" found in LUKS? Its purpose is to mitigate the recovery of key material from remapped bad sectors of HDDs or SSDs. It stores some additional random data on the disk and xor-encrypts the encrypted key material with stuff...
I'm fairly new to ZFS, but I've been using derivatives of FreeBSD for a few years now, namely pfSense. I have set-up a system (Intel NUC NUC5CPYH, updated to latest firmware) to have a remote replica of a zfs volume on a USB 3.0-attached Seagate Backup+ Hub 8TB). I was slightly in doubt...
I was using geli to encrypt a 1TB disk, but the encrypted disk size much less than the original one.
Geom name: ada1.eli
I have exactly the same problem, which is also described in this thread.
However, the solution does not work for me.
Before the beastie menu, the boot loader asks for the password.
No matter what I enter there, the boot process continues.
Later, when the root system is to be mounted...
I just performed a FreeBSD 11.0 install using the guided ZFS install option with encryption enabled.
After installing, I'd now like to add an additional set of disks to decrypt at boot-time, ideally, using the same process as the root drives.
Could anyone point me to the documentation as to...
FreeBSD Geli encrypted container
FreeBSD geli encrypted container with zfs, truecrypt replacement
Support for geli is available as a loadable kernel module. To configure the system to automatically load the module at boot time, add the following line to /boot/loader.conf:
Hello everybody, I have just registered here because I am planning a project where I think FreeBSD could be the ideal OS.
I am currently running a dual boot system with Arch Linux and Windows 10. Both systems have FDE, Linux with LUKS (LVM) and Windows with Bitlocker, so data can not be easily...
I set this up last week it seems to work but whether it's actually a good idea or not ... in particular I wonder if I should have disabled the cache on the nested zpool rather than the parent zvol, and whether I actually need to unmount the nested zpool to snapshot and sync. It would be...
Nutshell: Do I only need the *.eli files from /var/backups if the drive metadata has become mangled? That is, an undamaged geli-encrypted device shouldn't need its backup .eli file, yes?
I recently managed to bork my system (only gets ~18 process IDs into boot before it segfaults attempting to...
I have a zfs pool encrypted with geli. After a clean system boot, I mount the geli devices, then do zfs status tank so the pool is discovered. The system panics. I found and old thread documenting a similar issue (involving SSDs and GELI), but it still seems to be happening. Here's my stack...
I am trying to install FreeBSD 11.0-RELEASE on the GELI encrypted ZFS pool without /boot on a separate unencrypted partition.
I tried this on real hardware (ThinkPad T420s laptop) and under VirtualBox (both with UEFI) without luck.
These are the steps which I tried:
# boot FreeBSD...
I've recently moved my system to new box. At first boot up I got an error with attaching my encrypted disks (GELI) saying there's a problem with metadata. So I've restored it with my backup file with geli restore. Attaching is no longer an issue now I can't mount it or even fsck.
I’ve never been in a server room from which I could not steal a random hard drive without getting caught, if I wanted. I have been in server hosting companies’ rooms in more than one countries.
Should I find one that employs guards with machine guns, still there is a point from which it isn’t...
I am writing a driver for PCI crypto card. The driver supports both synch and asynch mode.
Problem is when offloading auth+cipher(chained) operations to hardware with geli when driver is in asynch mode. Either writes or reads are always going bad.
newfs throws the error "newfs: can't...