Solved How to mount FreeBSD 12 GELI encrypted ZFS root manually?

Hello! I have a FreeBSD 12 installation with a GELI encrypted ZFS root partition (created automatically by the installer). But now my HW died and I need to import and mount the root filesystem as an external disk. How can I mount this GELI encrypted ZFS root partition manually, please?

Note: In the times of FreeBSD 11, I also had some GELI encrypted ZFS root installations, but I created them completely manually myself, I had the keys backed up etc., so I knew how to do all the steps. Now I am a little lost, because everything was created by the installer.

Are the installer steps documented somewhere?
Thanks!
 
First you need to get past the encryption; you typically use:
geli attach -k /some/keyfile /dev/your/device

Once GELI is attached (no errors, key's correct, password etc) you'll get the *.eli device. From there you can use zfs import for example, or just zfs mount -a.
 
I'm not entirely sure but I believe recent installers create a small unencrypted ZFS bootpool. You can import that, if I recall correctly the key is stored there.
 
... I need to import and mount the root filesystem as external disk.
Can't you boot the external disk? The BIOS/UEFI might have a boot device menu to choose which device to boot from. If not, changing the boot order in BIOS/UEFI should boot the external drive. Afterwards you can back up.
How can I mount this GELI encrypted ZFS root partition manually please?
Have a look at "mount FreeBSD encrypted ZFS from live CD AND find the root partition".
 
SirDice - the small unencrypted bootpool with the kernel is from the times of FreeBSD 11 - now, everything (kernel, root) is on the encrypted zroot and of course, there is also a small (512K) boot partition with the bootloader only. That's why it's a mystery to me.
 
T-Daemon - I am just curious how to mount this encrypted partition created by FreeBSD 12 installer - if I am not able to do it, I don't know everything important about my system. Backups are another story.
 
Found it: geli attach /dev/ada0p3 is enough! No key file, only password (prompted by GELI)! So it is easier than I thought :)
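
The whole sequence the thread arrives at, as an added example that is not part of any post above: attach the GELI provider with the passphrase only, import the pool under an alternate root so its mountpoint=/ does not overlay the running system, then mount the root dataset explicitly. The pool name zroot, the dataset zroot/ROOT/default, the /mnt altroot and the read-only import are assumptions (installer defaults and a cautious choice for a disk from dead hardware); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults are assumptions:
# override PROVIDER/POOL/ROOTFS/ALTROOT in the environment as needed.
PROVIDER="${PROVIDER:-/dev/ada0p3}"      # GELI partition named in the thread
POOL="${POOL:-zroot}"                    # assumed installer default pool name
ROOTFS="${ROOTFS:-$POOL/ROOT/default}"   # assumed default boot environment
ALTROOT="${ALTROOT:-/mnt}"               # where the recovered root appears

# run: print the command when DRY_RUN=1 (the default), execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# attach_and_mount: stop at the first failing step.
attach_and_mount() {
    # Passphrase only, no -k keyfile: GELI prompts on the terminal and
    # creates ${PROVIDER}.eli on success.
    run geli attach "$PROVIDER" &&
    # -f: the pool was last in use on another host (the dead machine).
    # -N: import without mounting anything yet.
    # -o readonly=on: do not write to the disk being recovered.
    # -R: prefix every mountpoint with $ALTROOT.
    run zpool import -f -N -o readonly=on -R "$ALTROOT" "$POOL" &&
    # The root dataset is assumed to be canmount=noauto, which
    # "zfs mount -a" skips, so mount it by name first.
    run zfs mount "$ROOTFS" &&
    run zfs mount -a
}

# release: export the pool and remove the decrypted .eli device again.
release() {
    run zpool export "$POOL" &&
    run geli detach "$PROVIDER.eli"
}
```

Sourced as-is it only defines the functions; `attach_and_mount` prints the commands, and `DRY_RUN=0 attach_and_mount` run as root from a live system executes them.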
 