I am trying to set up an encrypted UFS-based desktop system with 14.2-RELEASE by doing partitioning and encryption by hand in the shell before running the installer.
I am not at all interested in using ZFS for a variety of reasons, including the fact that I have a single disk and my automated encrypted backups, using duplicity, are all over the network and work beautifully. I am not here to start a flame war about the merits of ZFS. You like it - that is great. I just don't see the point in a single-disk desktop system that is being set up for running heavy software that will need the RAM, and I have no desire to needlessly age the disks. This is not a server, and I trust the backup system I have. Color me an undying fan of minimalism and pure functionality.
So, please focus on my question below instead of suggesting ZFS.
The problem is that after I create the EFI partition and the boot partition, followed by the remaining space as a geli container, there is no viable way to do a geli attach, followed by creating (inside the decrypted block device) separate partitions for swap, root, var, tmp and home, before returning to the installer to finish the job.
While disklabel might work after geli attach, this nice BSD feature will get removed in FreeBSD 15 as this is deprecated. I plan to use this system for at least another 5-6 years. That is why I am not doing it that way.
gpart create etc. obviously don't work on /dev/gpt/ENCRYPT.eli after attaching.
Is FreeBSD not too subtly telling UFS users to migrate to ZFS even if they don't need to and have better uses for their RAM (like doing actual work) with the single disk they are working with?
On Linux, this is ridiculously easy because of LVM. But I don't know what the equivalent is in FreeBSD after the upcoming removal of bsdlabels.
Is this a reflection of the fact that the desktop isn't a target for FreeBSD? If I were running a server-only system, this would make sense.
Edit: I have edited the title and the post as many responders (my thanks to everyone trying to assist) are providing links to HOWTOs with a single encrypted partition, or are assuming that I am not using the shell.
