Load GELI encrypted installation with bootloader only

[abishai]

I've installed FreeBSD 11-RC1 on GELI encrypted ZFS dataset. I've noticed that I have additional pool, containing FreeBSD kernel. Are there any plans to use FreeBSD bootloader to support GELI directly ? The current implementation looks like a hack and have drawbacks when managing multiple BEs.

 

[ANOKNUSA]

Are there any plans to use FreeBSD bootloader to support GELI directly ?

Decryption is being integrated into the UEFI loader. It isn't expected until at least 11.1-RELEASE, though it's available for testing now and I would expect it to show up in 10-STABLE and 11-STABLE a short while before it appears on a -RELEASE.

The current implementation looks like a hack and have drawbacks when managing multiple BEs.

I wouldn't call it a "hack," since it's how it's done on other operating systems as a matter of technical necessity. You can still use boot environments, you just won't have a wrapper or a boot menu for them.

 

[abishai]

Nice, I hope it would be possible to convert existing installation to full disk geli encryption later. I'll go encrypted /home for now.