I was using geli to encrypt a 1TB disk, but the encrypted disk size much less than the original one.
Geom name: ada1.eli
I have exactly the same problem, which is also described in this thread.
However, the solution does not work for me.
Before the beastie menu, the boot loader asks for the password.
No matter what I enter there, the boot process continues.
Later, when the root system is to be mounted...
I just performed a FreeBSD 11.0 install using the guided ZFS install option with encryption enabled.
After installing, I'd now like to add an additional set of disks to decrypt at boot-time, ideally, using the same process as the root drives.
Could anyone point me to the documentation as to...
FreeBSD Geli encrypted container
FreeBSD geli encrypted container with zfs, truecrypt replacement
Code on Github
Support for geli is available as a loadable kernel module. To configure the system to automatically load the module at boot time, add the following line to /boot/loader.conf...
Hello everybody, I have just registered here because I am planning a project where I think FreeBSD could be the ideal OS.
I am currently running a dual boot system with Arch Linux and Windows 10. Both systems have FDE, Linux with LUKS (LVM) and Windows with Bitlocker, so data can not be easily...
I set this up last week it seems to work but whether it's actually a good idea or not ... in particular I wonder if I should have disabled the cache on the nested zpool rather than the parent zvol, and whether I actually need to unmount the nested zpool to snapshot and sync. It would be...
Nutshell: Do I only need the *.eli files from /var/backups if the drive metadata has become mangled? That is, an undamaged geli-encrypted device shouldn't need its backup .eli file, yes?
I recently managed to bork my system (only gets ~18 process IDs into boot before it segfaults attempting to...
I have a zfs pool encrypted with geli. After a clean system boot, I mount the geli devices, then do zfs status tank so the pool is discovered. The system panics. I found and old thread documenting a similar issue (involving SSDs and GELI), but it still seems to be happening. Here's my stack...
I am trying to install FreeBSD 11.0-RELEASE on the GELI encrypted ZFS pool without /boot on a separate unencrypted partition.
I tried this on real hardware (ThinkPad T420s laptop) and under VirtualBox (both with UEFI) without luck.
These are the steps which I tried:
# boot FreeBSD...
I've recently moved my system to new box. At first boot up I got an error with attaching my encrypted disks (GELI) saying there's a problem with metadata. So I've restored it with my backup file with geli restore. Attaching is no longer an issue now I can't mount it or even fsck.
I’ve never been in a server room from which I could not steal a random hard drive without getting caught, if I wanted. I have been in server hosting companies’ rooms in more than one countries.
Should I find one that employs guards with machine guns, still there is a point from which it isn’t...
I am writing a driver for PCI crypto card. The driver supports both synch and asynch mode.
Problem is when offloading auth+cipher(chained) operations to hardware with geli when driver is in asynch mode. Either writes or reads are always going bad.
newfs throws the error "newfs: can't...
Previously, I only had these two lines in /etc/rc.conf:
geli_ada2p1_flags=" -k /root/geli.key"
But due to other options, I want the passphrase to be asked during the initial phase of the boot process. So, what I did according to what I've read was to add these lines...
I have read a lot about gbde, geli and dm-crypt under linux, but a question remains: Why would iI store my master key on the disk? Seriously! Anybody could rip the metadata off the disk in no time and brute force the password in a cluster without even having additional encrypted sample data...
I have question.
I've FreeBSD 10.2 installed on my server.
I've added GELI support in kernel.
Now, I want to added load options for GELI in kernel :
Is it possible to do it...
I have multiple internal drives that are encrypted with geli via a password only. I am running 10.1 presently, and upon reboot I am asked for a password to decrypt the drives and continue the boot process. I do not have anything in /boot/loader.conf about them, other than instructing it...