Encrypting a zfs zvol device with gbde

Alain De Vos


Why would you encrypt a zfs zvol device with gbde? Because you can, and it is easy.
1. You stay away from system, boot & root partitions, so you don't have boot problems.
2. Most private data is relatively small and fits in one directory with subdirectories.
Note: zfs allows encryption by itself, but this method is more instructive.

Load the kernel module,
Code:
kldload geom_bde.ko
Create the zvol
Code:
zfs create -V 10G ZPOOL/private
Set the volmode
Code:
zfs set volmode=full ZPOOL/private
Make a lock file directory
Code:
mkdir /etc/gbde
Encrypt the device. Enter a passphrase. As the block size you can choose 4096, which is 512*8.
Code:
gbde init /dev/zvol/ZPOOL/private -i -L /etc/gbde/private.lock
Format the encrypted device to UFS
Code:
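gbde attach /dev/zvol/ZPOOL/private -l /etc/gbde/private.lock   # the .bde device only exists after attach
newfs -U -j -O 2 /dev/zvol/ZPOOL/private.bde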
Mount the encrypted device,
Code:
mkdir /private
mount /dev/zvol/ZPOOL/private.bde /private
Set ownership & rwx flags,
Code:
chown myuser:mygroup /private
chmod 700 /private
The encrypted directory /private is ready to be used

A script to attach & mount,
Code:
/sbin/gbde attach /dev/zvol/ZPOOL/private -l /etc/gbde/private.lock
/sbin/mount /dev/zvol/ZPOOL/private.bde /private
/bin/df -H | /usr/bin/grep private

A script to unmount & detach,
Code:
/sbin/umount /private
/bin/df -H | /usr/bin/grep private
/sbin/gbde detach /dev/zvol/ZPOOL/private
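
The two scripts above run every command even when an earlier one fails. The variant below is an added example, not part of the original post: it stops on errors, never leaves the cleartext .bde device attached after a failed mount, and confirms the device is gone after detach. The device, lock file and mount point are the post's; the function names and the overridable variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: attach/mount and unmount/detach with failure checks.
# Paths are the ones used in the post; variable and function names
# are assumptions of this example.
VOL=${VOL:-/dev/zvol/ZPOOL/private}
LOCK=${LOCK:-/etc/gbde/private.lock}
MNT=${MNT:-/private}
GBDE=${GBDE:-/sbin/gbde}
MOUNT=${MOUNT:-/sbin/mount}
UMOUNT=${UMOUNT:-/sbin/umount}

private_attach() {
    [ -r "$LOCK" ] || { echo "missing lock file $LOCK" >&2; return 2; }
    # Attach only if the cleartext node is not already present.
    [ -e "$VOL.bde" ] || "$GBDE" attach "$VOL" -l "$LOCK" || return 3
    # If attach did not produce the .bde node, do not mount anything.
    [ -e "$VOL.bde" ] || { echo "attach did not create $VOL.bde" >&2; return 3; }
    "$MOUNT" "$VOL.bde" "$MNT" && return 0
    # Mount failed: do not leave the cleartext device exposed.
    "$GBDE" detach "$VOL"
    return 4
}

private_detach() {
    # Refuse to detach while the filesystem is still mounted or busy.
    "$UMOUNT" "$MNT" || { echo "$MNT still in use, not detaching" >&2; return 5; }
    "$GBDE" detach "$VOL" || return 6
    # The cleartext node must be gone, otherwise the data is still readable.
    [ ! -e "$VOL.bde" ] || { echo "$VOL.bde still present" >&2; return 6; }
    return 0
}

# Usage: script attach | script detach
case "${1:-}" in
    attach) private_attach ;;
    detach) private_detach ;;
esac
```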