[geli] Does a swap partition inside a partitioned geli device still need onetime?

As far as I can tell there are two ways of setting up encrypted swap:
  • Take a plaintext partition (e.g. /dev/ada0p2) and put a geli_swap_flags line in /etc/rc.conf, which causes the creation of a /dev/ada0p2.eli device and an invocation of geli onetime to create a swap partition encrypted with a random one-time key.
  • Take a partition inside a partitioned geli device, e.g. /dev/ada0s1.elib, and use that.
In the latter case (i.e. using a partition inside a partitioned geli device), does one still need to use geli_swap_flags? My guess is no, because the partition being used for swap is already contained within an encrypted device. But I'd like to make sure so if someone can call "confirmed" or "busted" I'd be much obliged.

Fonz
 