new to geli (tags: gournal + gmirror + zfs)

Fellas!

I have a disk that has a new install of 8 on it. Currently unencrypted. I'm reading about geli for the first time and considering how I would enable geli on a volume with data already on it.

The handbook talks about creating new encrypted volumes from new slices. My system sits on a disk with a swap and a single slice on it and I want to encrypt the lot. How would I go about doing this for the / slice with the data already there? Does the geli init command encrypt the current contents before presenting the new .eli device or should I expect a blank volume?

Also the plan is to gjournal the root fs slice (160gb), geli both the root fs slice and swap and finally gmirror it. Then I have 8 other disks I plan to pop into RAIDZ and encrypt with this guide: -
http://blog.experimentalworks.net/2008/03/setting-up-an-encrypted-zfs-with-freebsd/

Any words of warning here!? There is a lot of encryption / block level data manipulation going on here. Should I be worried about the overhead on a core2 2.3 quad?

Finally, would I have to enter a passphrase for each encrypted volume I mount on boot? I could have up to 4 devices being mounted on boot when my backup disks are added to the system; 4 passwords and the os login is going to get annoying, I guess it's just the price you pay for security.

Thanks for any help, guidance, advice!!!!!
 
I'd suggest you read this:
http://forums.freebsd.org/showthread.php?t=185
geli(8) - you can use flash with keys... no need for password

I use geli + zfs.... It's perfectly fine for my Pentium4 @3GHz (I don't feel any difference), your Core2 will work even better

About Geli+gjournal.... hmmm I don't know... search the forum, there was a thread about this... I don't remember how it ended.
 
Just a small warning about flash keys instead of passwords; flash keys go defective and having a bunch of copies is almost as safe as writing a password down.

For my part, I boot on a flash that can easily be re-made, root is password encrypted but other disks are encrypted using keys hidden inside the encrypted root.

The boot flash can be removed and the system is very safe.
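The layout described in this reply (passphrase on root, key files for the other disks kept on the encrypted root, the data disks then pooled with ZFS as the original poster plans) can be scripted. The script below is an added example, not code from this thread or from the FreeBSD project; it assumes root is already a geli passphrase provider, that key files live in /etc/geli (a path chosen here, the handbook uses /root), a 4096-byte sector size, and data disks named da1, da2, ... The geli, zpool and rc.conf names it uses are the real ones; DRYRUN=1 prints every privileged command instead of running it, so the sequence can be reviewed before touching a disk.

```shell
#!/bin/sh
# Added example: key-file encrypted data disks with the keys stored on the
# passphrase-encrypted root, then a raidz pool on the .eli providers.
# Assumptions: /etc/geli is our choice of key directory, disks are da1..daN.
set -eu

KEYDIR=${KEYDIR:-/etc/geli}

# Run a command, or just print it when DRYRUN=1 (review mode).
run() {
    if [ "${DRYRUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One 64-byte random key per disk, readable by root only. Because the
# directory sits on the encrypted root, the keys are unreadable once the
# machine is powered off, which is the point of the layout above.
make_key() {
    disk=$1
    run install -d -m 0700 "$KEYDIR"
    run dd if=/dev/random of="$KEYDIR/$disk.key" bs=64 count=1
    run chmod 0400 "$KEYDIR/$disk.key"
}

# Initialise and attach one provider with the key file alone:
# -P at init and -p at attach mean "no passphrase component".
init_keyed_disk() {
    disk=$1
    make_key "$disk"
    run geli init -s 4096 -P -K "$KEYDIR/$disk.key" "/dev/$disk"
    run geli attach -p -k "$KEYDIR/$disk.key" "/dev/$disk"
}

# rc.conf lines so /etc/rc.d/geli attaches the providers at boot, after the
# root file system (and so the key directory) is mounted. Only root's
# passphrase is typed; the other disks unlock from their key files.
rc_conf_lines() {
    printf 'geli_devices="%s"\n' "$*"
    for disk in "$@"; do
        printf 'geli_%s_flags="-p -k %s/%s.key"\n' "$disk" "$KEYDIR" "$disk"
    done
}

# Encrypt every listed disk and build a raidz pool on the .eli providers.
build_pool() {
    pool=$1
    shift
    members=""
    for disk in "$@"; do
        init_keyed_disk "$disk"
        members="$members /dev/$disk.eli"
    done
    run zpool create "$pool" raidz $members
}

# Usage (review first):   DRYRUN=1 . ./geli-keys.sh; build_pool tank da1 da2 da3
# Then append the output of   rc_conf_lines da1 da2 da3   to /etc/rc.conf
# and make sure loader.conf has geom_eli_load="YES".
```

Note what this does not do: geli init writes only its metadata, so a provider that already holds data must be backed up, initialised, attached and restored; the script assumes the data disks are empty.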
 
killasmurf86 said:
you can use flash with keys... no need for password
Which more or less defeats the purpose of encryption. If someone steals your box they will take the flash too.
 
killasmurf86 said:
You don't need to keep it plugged in all the time...
Only plugin to boot, then plug out....

Ah, ok.. But you better be sure to take it with you ;)
 