geli

  1. R

    Solved Wrong geli mediasize?

    Hi, I was using geli to encrypt a 1TB disk, but the encrypted disk size much less than the original one. Geom name: ada1.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 256 AuthenticationAlgorithm: HMAC/SHA256 Crypto: software Version: 7 UsedKey: 0 Flags: AUTH KeysAllocated: 1864...
  2. sHagen

    uefi + geli + zfs: password twice?

    Hello, I have exactly the same problem, which is also described in this thread. However, the solution does not work for me. Before the beastie menu, the boot loader asks for the password. No matter what I enter there, the boot process continues. Later, when the root system is to be mounted...
  3. F

    Solved Adding additional GELI encrypted devices to decrypt at boot time-ZFS on Root without boot partition

    I just performed a FreeBSD 11.0 install using the guided ZFS install option with encryption enabled. After installing, I'd now like to add an additional set of disks to decrypt at boot-time, ideally, using the same process as the root drives. Could anyone point me to the documentation as to...
  4. NapoleonWils0n

    Geli encrypted container with zfs, truecrypt replacement

    FreeBSD Geli encrypted container FreeBSD geli encrypted container with zfs, truecrypt replacement Code on Github Support for geli is available as a loadable kernel module. To configure the system to automatically load the module at boot time, add the following line to /boot/loader.conf...
  5. I

    Server (NFS,SMB,CUPS,DLNA...)

    Hello everybody, I have just registered here because I am planning a project where I think FreeBSD could be the ideal OS. I am currently running a dual boot system with Arch Linux and Windows 10. Both systems have FDE, Linux with LUKS (LVM) and Windows with Bitlocker, so data can not be easily...
  6. dch

    ZFS geli encrypted nested zpool

    hey, I set this up last week it seems to work but whether it's actually a good idea or not ... in particular I wonder if I should have disabled the cache on the nested zpool rather than the parent zvol, and whether I actually need to unmount the nested zpool to snapshot and sync. It would be...
  7. L

    Solved Preparing to restore geli devices - clarification on .eli files

    Nutshell: Do I only need the *.eli files from /var/backups if the drive metadata has become mangled? That is, an undamaged geli-encrypted device shouldn't need its backup .eli file, yes? I recently managed to bork my system (only gets ~18 process IDs into boot before it segfaults attempting to...
  8. D

    ZFS System crashes on "zpool status tank" on 11.0-RELEASE-p2

    I have a zfs pool encrypted with geli. After a clean system boot, I mount the geli devices, then do zfs status tank so the pool is discovered. The system panics. I found and old thread documenting a similar issue (involving SSDs and GELI), but it still seems to be happening. Here's my stack...
  9. JohnnySorocil

    FreeBSD encrypted ZFS without boot partition

    Hi I am trying to install FreeBSD 11.0-RELEASE on the GELI encrypted ZFS pool without /boot on a separate unencrypted partition. I tried this on real hardware (ThinkPad T420s laptop) and under VirtualBox (both with UEFI) without luck. These are the steps which I tried: # boot FreeBSD...
  10. vojtaz

    UFS After GELI restore metadata can't fsck or mount

    Hi guys, I've recently moved my system to new box. At first boot up I got an error with attaching my encrypted disks (GELI) saying there's a problem with metadata. So I've restored it with my backup file with geli restore. Attaching is no longer an issue now I can't mount it or even fsck. When...
  11. M

    Startup hosting and sleeping well (encryption)

    I’ve never been in a server room from which I could not steal a random hard drive without getting caught, if I wanted. I have been in server hosting companies’ rooms in more than one countries. Should I find one that employs guards with machine guns, still there is a point from which it isn’t...
  12. A

    Geli with asynchronous chained crypto operations

    Hello, I am writing a driver for PCI crypto card. The driver supports both synch and asynch mode. Problem is when offloading auth+cipher(chained) operations to hardware with geli when driver is in asynch mode. Either writes or reads are always going bad. newfs throws the error "newfs: can't...
  13. L

    Solved geli passphrase asked twice: on boot and afterwards

    Hi, Previously, I only had these two lines in /etc/rc.conf: geli_devices="ada2p1" geli_ada2p1_flags=" -k /root/geli.key" But due to other options, I want the passphrase to be asked during the initial phase of the boot process. So, what I did according to what I've read was to add these lines...
  14. sku1d

    Solved Question about disk encryption: Why the master key always gets stored on the encrypted disk?

    I have read a lot about gbde, geli and dm-crypt under linux, but a question remains: Why would iI store my master key on the disk? Seriously! Anybody could rip the metadata off the disk in no time and brute force the password in a cluster without even having additional encrypted sample data...
  15. E

    Solved loader.conf options in my kernel

    Hi, guys! I have question. I've FreeBSD 10.2 installed on my server. I've added GELI support in kernel. Now, I want to added load options for GELI in kernel : geli_<device_name>_<name_key>_name geli_<device_name>_<name_key>_type geli_<device_name>_<name_key>_load Is it possible to do it...
  16. aorchid

    Other geli and external firewire drive boot question

    Hello, I have multiple internal drives that are encrypted with geli via a password only. I am running 10.1 presently, and upon reboot I am asked for a password to decrypt the drives and continue the boot process. I do not have anything in /boot/loader.conf about them, other than instructing it...
Top