Can someone clarify how to use removable flash drive with encryption key with new full disc encryption process?
The new approach is to encrypt /boot altogether with /root filesystem.
So, as I understand, initial encryption performed by EFI loader.
Is there a way to pass keyfile to EFI loader...
Hello, I want try to change the US keymap (Stdin?) that GELI uses to input the password. I used the automatic ZFS Geli encryption.
Is it possible to change to spanish keyboard?
I was reading this:
But not solution found.
Thanks, I am newbie at Freebsd.
Sorry for my English.
So this is a long story.
Last week i've upgraded from a ML110 G5 -> ML110 G6.
I've been using FreeBSD for quite a while and been happy with it for a long time.
I've read multiple threads about the ML110G6 being unable to use the keyboard at the BSD Bootloader.
I would like to share HOWTO in 𝐅𝐫𝐞𝐞𝐁𝐒𝐃 𝐃𝐞𝐬𝐤𝐭𝐨𝐩 series about fonts and frameworks.
𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗗𝗲𝘀𝗸𝘁𝗼𝗽 - 𝗣𝗮𝗿𝘁 𝟮.𝟭 - 𝗜𝗻𝘀𝘁𝗮𝗹𝗹 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝟭𝟮
You may also like earlier articles in the series.
Part 1 – Simplified Boot...
Last week I tried to upgrade from source from 10.3-STABLE to 11.2-STABLE on my laptop but the new kernel (GENERIC) failed to boot.
I thought that it might be safer to upgrade from binary, so I built and installed 10.3-RELEASE in order to get freebsd-update working and then I...
Heres how to change the geli password for encrypted zfs root partition
find the root partition
ls /dev/ | grep eli
because i have an encrypted root and swap partition this returns 2 partitions
ada0p4.eli and ada0p5.eli
so we need to check /etc/fstab to see which partition is the swap and...
Hello, FreeBSD community.
I need help with booting from an encrypted partition. Until now, my EFI machine booted from an unencrypted ZFS, while the rest of the system resided on an encrypted ZFS. The layout was like this:
|- /dev/ada0p1 (efi, 800k)
I set up my FreeBSD-desktop nearly a year ago but with unencrypted disks (please don't ask…).
Now I am in the need to encrypt at least the home directory of my user. What would be the best way to do that without reinstalling my system?
I have two disks in one zpool-mirror taking up the whole...
I am setting up a FreeBSD file server with encrypted storage. The root filesystem is on ZFS and the storage disks are encrypted with GELI with ZFS on top of that.
Now I want to make it easy for both me and my wife to mount the pool using a password after the server boots. I have created...
FreeBSD 11.1 i386
I have compiled and installed openssl from ports, so there are:
a) /usr/bin/openssl (OpenSSL 1.0.2k-freebsd 26 Jan 2017) with /lib/libcrypto.so.8, /usr/lib/libssl.so.8
b) /usr/local/bin/openssl (OpenSSL 1.0.2n 7 Dec 2017) with /usr/local/lib/libcrypto.so.9...
I'm new to FreeBSD and learning about geli encryption. I've setup a system using the FreeBSD 11.1 installer. The storage setup is 4x 6TB disks using zfs. Using the installer I chose a RAID 1+0 setup (using all four disks), with full-disk encryption.
The installer created 2 zfs pools...
Does, or will, GELI support anything similar to the "AF-Splitter" found in LUKS? Its purpose is to mitigate the recovery of key material from remapped bad sectors of HDDs or SSDs. It stores some additional random data on the disk and xor-encrypts the encrypted key material with stuff...
I'm fairly new to ZFS, but I've been using derivatives of FreeBSD for a few years now, namely pfSense. I have set-up a system (Intel NUC NUC5CPYH, updated to latest firmware) to have a remote replica of a zfs volume on a USB 3.0-attached Seagate Backup+ Hub 8TB). I was slightly in doubt...
I was using geli to encrypt a 1TB disk, but the encrypted disk size much less than the original one.
Geom name: ada1.eli
I have exactly the same problem, which is also described in this thread.
However, the solution does not work for me.
Before the beastie menu, the boot loader asks for the password.
No matter what I enter there, the boot process continues.
Later, when the root system is to be mounted...
I just performed a FreeBSD 11.0 install using the guided ZFS install option with encryption enabled.
After installing, I'd now like to add an additional set of disks to decrypt at boot-time, ideally, using the same process as the root drives.
Could anyone point me to the documentation as to...
FreeBSD Geli encrypted container
FreeBSD geli encrypted container with zfs, truecrypt replacement
Support for geli is available as a loadable kernel module. To configure the system to automatically load the module at boot time, add the following line to /boot/loader.conf:
Hello everybody, I have just registered here because I am planning a project where I think FreeBSD could be the ideal OS.
I am currently running a dual boot system with Arch Linux and Windows 10. Both systems have FDE, Linux with LUKS (LVM) and Windows with Bitlocker, so data can not be easily...
I set this up last week it seems to work but whether it's actually a good idea or not ... in particular I wonder if I should have disabled the cache on the nested zpool rather than the parent zvol, and whether I actually need to unmount the nested zpool to snapshot and sync. It would be...
Nutshell: Do I only need the *.eli files from /var/backups if the drive metadata has become mangled? That is, an undamaged geli-encrypted device shouldn't need its backup .eli file, yes?
I recently managed to bork my system (only gets ~18 process IDs into boot before it segfaults attempting to...