geli

Introduction: This is a guide on how to dual boot windows 11 and FreeBSD 14. I recently received a fantastic laptop that happens to be surprisingly compatible with FreeBSD, so I highly recommend it, and no, I am not sponsored by MSI; I have merely fought enough laptops to recognize a keeper when...

geli(8) is one of the most powerful block device-layer disk encryption system available in FreeBSD, which protects our data against cold storage attacks. geli(8) encrypts our data so that a skilled intruder cannot see sensitive documents, or modify our data without us noticing that a...

Similar to how BitLocker and LUKS partitions can be unlocked by the TPM. I was able to do it on my Debian system by adding an additional LUKS key and saving it in my TPM and when the system starts up, it asks for it from the TPM (my extremely basic understanding of it).

For years now, I've been setting up my FreeBSD servers with GELI encrypting nearly the entire disk (except for boot stuff). Long ago I did this manually, but in recent years I've been letting the standard FreeBSD installer process do it for me. When the machine powers up, it boots as far as...

Hello my new friends, it’s me again, I am now on day 3 of FreeBSD and I have almost set up all the important bits. I set up a RAID1 for my 2 disks that hold my home directory per the handbook, and then set up a geli partition on that mirror device as described in the handbook, and then I put...

I have a 13.2-RELEASE-p4 machine with four hard drives. They are all partitioned just like this one: # gpart show ada0 => 40 35156656048 ada0 GPT (16T) 40 532480 1 efi (260M) 532520 2008 - free - (1.0M) 534528 33554432 2...

Hi folks, I wonder if I can enable lz4 compression on a mirror over geli. I am concerned that I am going to have quite CPU overhead and therefore poor performance. What do the expert say? Thanks 🙏

Guys I changed my disks in my T430 to make a better backup routine. Before I had a strip with 3 ssd's with 1 tb each. I changed to root in a 240gb, home in a 1tb, and I left 1tb for dual booting with OBSD. And the last 1tb I took out of the note and put it in a case for external use. Everything...

Hi, When on certain pools or datasets large files will be stored, it can be an advantage to use a larger recordsize of 1M in ZFS. Suppose the pool is encrypted by GELI, would it be better or worse to align the sectorsize of GELI with the recordsize of ZFS? In general i see GELI sectorsizes of...

Hello. I'm using GELI on my laptop for whole disk encryption. Boot partition is located on separate thumb-drive. My loader.conf contains such strings for decryption: The questions are: 1. Is it possible to move this keys to another thumb drive in such a way that loader could find them while...

I have the GELI key, but the associated pool (HDDs) unavailable currently (phisically). Can I check my password(s) with the keyfile only, without the encrypted media? If I know, the keyfile contains the keychain(s), protected by password(s). I would like to check this password, but without...

I have a second GELI encrypted ZFS pool separate from my OS disks. At boot the loader prompts for my GELI password for OS, but it does not unlock the non-OS disks with the same key. Instead while booting I am prompted a second time to unlock the disks in zdata. I've tried using FDE raw w/ GELI...

Hi, I want to learn about how exactly boot process of FreeBSD 13.1 with GELI + ZFS on Root on UEFI works. I read about loader, UEFI, geli and, still I can not understand it. Also I have some more specific questions too: I have two partitions. EFI and ZFS. The whole root filesystem is in ZFS...

Hi, On this forum and on internet many things are found about GELI. What I was looking for is: - That GELI boots from the local disks on the machine - It works with a passphrase and a keyfile. - The keyfile is located on a USB I have the impression this setup is not possible, but I want to...

Issue: System will lock up on on file transfers(sometimes) to a External USB drive. HDD: Segate IronWolf 4TB, GELI encrypted with ZFS pool on it usb chipset: ASM1153E Memory: 32GB DDR4 PNY CPU: Ryzen 5 Pro 2400GE Description: External USB 3.1 drive using ASM1153E IC will lock up the entire...

Intro: Hi, I'm about to switch to FreeBSD for main dailly desktop usage, and I'm concerned about my data and slightly about performance. Context: My machine is 64bit and i know (based on what I've read online) that, SHA-512 is faster than SHA-256 on a 64bit system. Goal: So, i was wondering if...

Hi, I want to move the entire OS (GELI+ZFSOnRoot) to another disk. I had execute these commands to make this happen: Setup my new disk partition table (similar to old one): gpart create -s gpt nvd0 gpart add -a 1M -s 260M -t efi -l efiboot1 nvd0 gpart add -a 1M -s 4G -t freebsd-swap -l swap1...

I'm looking to implement a way to optionally auto-decrypt a single drive system at boot. The flow would be like this: Install FreeBSD, one disk, use GELI encryption Login, create a key: /root/quick-boot-with-no-password.key Create a reboot/shutdown script that offers two option: reboot with...

I've been using ZFS encrypted datasets pretty much since the first day of availability. On this forum and also the mailing lists I see a lot of people running ZFS "on top of" GELI. I'd like to ask: Is that usually more of a legacy thing or are there situations where one would prefer ZFS on GELI...

I had a setup with 4x4 TB disks, with two mirrors consisting of two disks each, giving me about 8 TB of usable storage space. One mirror consists of ada0 & ada2, the other mirror of ada1 & ada3. I needed to upgrade storage space, so I decided to upgrade one mirror by resilvering two times. I...