
geli

  1. N

    Solved Can't boot from encrypted partition.

    Hello, FreeBSD community. I need help with booting from an encrypted partition. Until now, my EFI machine booted from an unencrypted ZFS, while the rest of the system resided on an encrypted ZFS. The layout was like this: /dev/ada0 |- /dev/ada0p1 (efi, 800k) |- /dev/ada0p2...
  2. N

    Encrypting home on a system already in use

    I set up my FreeBSD-desktop nearly a year ago but with unencrypted disks (please don't ask…). Now I need to encrypt at least the home directory of my user. What would be the best way to do that without reinstalling my system? I have two disks in one zpool-mirror taking up the whole...
  3. B

    Other geli attach and mount for non-root user

    Hello! I am setting up a FreeBSD file server with encrypted storage. The root filesystem is on ZFS and the storage disks are encrypted with GELI with ZFS on top of that. Now I want to make it easy for both me and my wife to mount the pool using a password after the server boots. I have created...
  4. E

    Compile GELI with OpenSSL from ports

    FreeBSD 11.1 i386 I have compiled and installed openssl from ports, so there are: a) /usr/bin/openssl (OpenSSL 1.0.2k-freebsd 26 Jan 2017) with /lib/libcrypto.so.8, /usr/lib/libssl.so.8 and b) /usr/local/bin/openssl (OpenSSL 1.0.2n 7 Dec 2017) with /usr/local/lib/libcrypto.so.9...
  5. A

    ZFS FreeBSD 11.1 geli keys from bsd-installer

    Hi, I'm new to FreeBSD and learning about geli encryption. I've setup a system using the FreeBSD 11.1 installer. The storage setup is 4x 6TB disks using zfs. Using the installer I chose a RAID 1+0 setup (using all four disks), with full-disk encryption. The installer created 2 zfs pools...
  6. geek

    Other Anti-forensic key splitting for GELI?

    Hi. Does, or will, GELI support anything similar to the "AF-Splitter" found in LUKS? Its purpose is to mitigate the recovery of key material from remapped bad sectors of HDDs or SSDs. It stores some additional random data on the disk and xor-encrypts the encrypted key material with stuff...
  7. K

    Trouble with ZFS import/export

    Hi all, I'm fairly new to ZFS, but I've been using derivatives of FreeBSD for a few years now, namely pfSense. I have set-up a system (Intel NUC NUC5CPYH, updated to latest firmware) to have a remote replica of a zfs volume on a USB 3.0-attached Seagate Backup+ Hub 8TB). I was slightly in doubt...
  8. R

    Solved Wrong geli mediasize?

    Hi, I was using geli to encrypt a 1TB disk, but the encrypted disk size is much less than the original one. Geom name: ada1.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 256 AuthenticationAlgorithm: HMAC/SHA256 Crypto: software Version: 7 UsedKey: 0 Flags: AUTH KeysAllocated: 1864...
  9. sHagen

    uefi + geli + zfs: password twice?

    Hello, I have exactly the same problem, which is also described in this thread. However, the solution does not work for me. Before the beastie menu, the boot loader asks for the password. No matter what I enter there, the boot process continues. Later, when the root system is to be mounted...
  10. F

    Solved Adding additional GELI encrypted devices to decrypt at boot time-ZFS on Root without boot partition

    I just performed a FreeBSD 11.0 install using the guided ZFS install option with encryption enabled. After installing, I'd now like to add an additional set of disks to decrypt at boot-time, ideally, using the same process as the root drives. Could anyone point me to the documentation as to...
  11. N

    Geli encrypted container with zfs, truecrypt replacement

    FreeBSD Geli encrypted container FreeBSD geli encrypted container with zfs, truecrypt replacement Support for geli is available as a loadable kernel module. To configure the system to automatically load the module at boot time, add the following line to /boot/loader.conf: geom_eli_load="YES"...
  12. I

    Server (NFS,SMB,CUPS,DLNA...)

    Hello everybody, I have just registered here because I am planning a project where I think FreeBSD could be the ideal OS. I am currently running a dual boot system with Arch Linux and Windows 10. Both systems have FDE, Linux with LUKS (LVM) and Windows with Bitlocker, so data can not be easily...
  13. dch

    ZFS geli encrypted nested zpool

    hey, I set this up last week it seems to work but whether it's actually a good idea or not ... in particular I wonder if I should have disabled the cache on the nested zpool rather than the parent zvol, and whether I actually need to unmount the nested zpool to snapshot and sync. It would be...
  14. L

    Solved Preparing to restore geli devices - clarification on .eli files

    Nutshell: Do I only need the *.eli files from /var/backups if the drive metadata has become mangled? That is, an undamaged geli-encrypted device shouldn't need its backup .eli file, yes? I recently managed to bork my system (only gets ~18 process IDs into boot before it segfaults attempting to...
  15. D

    ZFS System crashes on "zpool status tank" on 11.0-RELEASE-p2

    I have a zfs pool encrypted with geli. After a clean system boot, I mount the geli devices, then do zfs status tank so the pool is discovered. The system panics. I found an old thread documenting a similar issue (involving SSDs and GELI), but it still seems to be happening. Here's my stack...
  16. JohnnySorocil

    FreeBSD encrypted ZFS without boot partition

    Hi I am trying to install FreeBSD 11.0-RELEASE on the GELI encrypted ZFS pool without /boot on a separate unencrypted partition. I tried this on real hardware (ThinkPad T420s laptop) and under VirtualBox (both with UEFI) without luck. These are the steps which I tried: # boot FreeBSD...
  17. V

    UFS After GELI restore metadata can't fsck or mount

    Hi guys, I've recently moved my system to a new box. At first boot up I got an error with attaching my encrypted disks (GELI) saying there's a problem with metadata. So I've restored it with my backup file with geli restore. Attaching is no longer an issue now I can't mount it or even fsck. When...
  18. M

    Startup hosting and sleeping well (encryption)

    I’ve never been in a server room from which I could not steal a random hard drive without getting caught, if I wanted. I have been in server hosting companies’ rooms in more than one country. Should I find one that employs guards with machine guns, still there is a point from which it isn’t...
  19. A

    Geli with asynchronous chained crypto operations

    Hello, I am writing a driver for PCI crypto card. The driver supports both synch and asynch mode. Problem is when offloading auth+cipher(chained) operations to hardware with geli when driver is in asynch mode. Either writes or reads are always going bad. newfs throws the error "newfs: can't...
  20. L

    Solved geli passphrase asked twice: on boot and afterwards

    Hi, Previously, I only had these two lines in /etc/rc.conf: geli_devices="ada2p1" geli_ada2p1_flags=" -k /root/geli.key" But due to other options, I want the passphrase to be asked during the initial phase of the boot process. So, what I did according to what I've read was to add these lines...