Solved How to mount FreeBSD 12 GELI encrypted ZFS root manually?

Petr Fischer

Active Member

Reaction score: 9
Messages: 111

Hello! I have FreeBSD 12 installation with GELI encrypted ZFS root partition (created automatically from the installer). But now, my HW died and I need to import and mount the root filesystem as external disk. How can I mount this GELI encrypted ZFS root partition manually please?

Note: In the times of FreeBSD 11, I also had some GELI encrypted ZFS root installations, but I created it completely manually myself, I had the keys backuped etc. so I knew how to do all the steps - now, I am lost a little, because all things was created by the installer.

Are the installer steps documented somewhere?
Thanks!
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 8,236
Messages: 31,984

First you need to get passed the encryption, you typically use:
geli attach -k /some/keyfile /dev/your/device

Once GELI is attached (no errors, key's correct, password etc) you'll get the *.eli device. From there you can use zfs import for example, or just zfs mount -a.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 8,236
Messages: 31,984

I'm not entirely sure but I believe recent installers create a small unencrypted ZFS bootpool. You can import that, if I recall correctly the key is stored there.
 

T-Daemon

Well-Known Member

Reaction score: 174
Messages: 493

... I need to import and mount the root filesystem as external disk.
Can't you boot the external disk? The BIOS/UEFI might have a boot device menu to choose which device to boot from. If not, changing the boot order in BIOS/UEFI should boot the external drive. Afterwards you can backup.
How can I mount this GELI encrypted ZFS root partition manually please?
Have a look at "mount FreeBSD encrypted ZFS from live CD AND find the root partition".
 
OP
OP
Petr Fischer

Petr Fischer

Active Member

Reaction score: 9
Messages: 111

SirDice - small unencrypted bootpool with kernel is from times of FreeBSD 11 - now, everything (kernel, root) is on encrypted zroot and of course, there is also small (512K) bootpartition with bootloader only. That's why it's a mystery to me.
 

T-Daemon

Well-Known Member

Reaction score: 174
Messages: 493

I think it's in order to point out, if you have valuable data, you should apply a backup plan.
 
OP
OP
Petr Fischer

Petr Fischer

Active Member

Reaction score: 9
Messages: 111

T-Daemon - I am just curious how to mount this encrypted partition created by FreeBSD 12 installer - if I am not able to do it, I don't know everything important about my system. Backups are another story.
 
OP
OP
Petr Fischer

Petr Fischer

Active Member

Reaction score: 9
Messages: 111

Found it: geli attach /dev/ada0p3 is enough! No key file, only passord (prompted by GELI)! So it is easier than I thought :)
 
Top