geli

hey, I set this up last week it seems to work but whether it's actually a good idea or not ... in particular I wonder if I should have disabled the cache on the nested zpool rather than the parent zvol, and whether I actually need to unmount the nested zpool to snapshot and sync. It would be...

Nutshell: Do I only need the *.eli files from /var/backups if the drive metadata has become mangled? That is, an undamaged geli-encrypted device shouldn't need its backup .eli file, yes? I recently managed to bork my system (only gets ~18 process IDs into boot before it segfaults attempting to...

I have a zfs pool encrypted with geli. After a clean system boot, I mount the geli devices, then do zfs status tank so the pool is discovered. The system panics. I found and old thread documenting a similar issue (involving SSDs and GELI), but it still seems to be happening. Here's my stack...

Hi I am trying to install FreeBSD 11.0-RELEASE on the GELI encrypted ZFS pool without /boot on a separate unencrypted partition. I tried this on real hardware (ThinkPad T420s laptop) and under VirtualBox (both with UEFI) without luck. These are the steps which I tried: # boot FreeBSD...

Hi guys, I've recently moved my system to new box. At first boot up I got an error with attaching my encrypted disks (GELI) saying there's a problem with metadata. So I've restored it with my backup file with geli restore. Attaching is no longer an issue now I can't mount it or even fsck. When...

I’ve never been in a server room from which I could not steal a random hard drive without getting caught, if I wanted. I have been in server hosting companies’ rooms in more than one countries. Should I find one that employs guards with machine guns, still there is a point from which it isn’t...

Hello, I am writing a driver for PCI crypto card. The driver supports both synch and asynch mode. Problem is when offloading auth+cipher(chained) operations to hardware with geli when driver is in asynch mode. Either writes or reads are always going bad. newfs throws the error "newfs: can't...

Hi, Previously, I only had these two lines in /etc/rc.conf: geli_devices="ada2p1" geli_ada2p1_flags=" -k /root/geli.key" But due to other options, I want the passphrase to be asked during the initial phase of the boot process. So, what I did according to what I've read was to add these lines...

I have read a lot about gbde, geli and dm-crypt under linux, but a question remains: Why would iI store my master key on the disk? Seriously! Anybody could rip the metadata off the disk in no time and brute force the password in a cluster without even having additional encrypted sample data...

Hi, guys! I have question. I've FreeBSD 10.2 installed on my server. I've added GELI support in kernel. Now, I want to added load options for GELI in kernel : geli_<device_name>_<name_key>_name geli_<device_name>_<name_key>_type geli_<device_name>_<name_key>_load Is it possible to do it...

Hello, I have multiple internal drives that are encrypted with geli via a password only. I am running 10.1 presently, and upon reboot I am asked for a password to decrypt the drives and continue the boot process. I do not have anything in /boot/loader.conf about them, other than instructing it...