I set up a test server this morning that has an encrypted ZFS root using geli. The /boot is on an external USB drive which boots the system and stores the encryption keys. This seems to work great and from a security point of view is good as I can remove the USB drive and take it with me and my encryption keys are safe (and no one can read my ZFS root drive without the USB key).
The question I have is, how do I create a clone (or backup) bootable USB key so that if the main one I currently uses gets lost or stops working I can still boot the system?
I tried the following on a second USB drive:
I'm not sure what went wrong as I had to cancel the command after 30 minutes.
Any ideas?
The question I have is, how do I create a clone (or backup) bootable USB key so that if the main one I currently uses gets lost or stops working I can still boot the system?
I tried the following on a second USB drive:
Code:
gpart create -s gpt da1
gpart add -s 128 -t freebsd-boot da1
gpart add -t freebsd-zfs da1
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 da1
zpool create bootdir2 /dev/da1p2
zfs snapshot -r bootdir@clone
zfs send bootdir@clone | zfs receive -F bootdir2I'm not sure what went wrong as I had to cancel the command after 30 minutes.
Any ideas?