converting root zfs volume to GELI

J

jtotheh

I have a box with the root filesystem on ZFS, and it has beadm environments. It's running 10.2-RELEASE-p9. Is there a way I can convert the root ZFS filesystem to be GELI encrypted?
 
getopt said:
Conversion? If there were one, it would be dangerous loosing data, if something went wrong.
Convenient? Depends on definition.

First backup your system.
a) Your data
b) Your configurations
c) optional: all which is not a) or b)

Carefully read geli(8) as you have to make some decisions i.e. algorithm, key length and so on. There you can also read about preparing the device.eli with dd if/dev/random of=<your device.eli>. This "converts" all physical data to nirwana, which is not the conversion you initially thought of, but pretty cleansed.

Once you have a running system on top of Geli you can restore from your backups.
Click to expand...


I was hoping to convert each disk/partition to GELI one at a time til they were all converted. Also, will the beadm functionality work with encrypted ZFS root?
 
Once the disk is encrypted with GELI it will function transparently.
 
You must log in or register to reply here.
Back
Top