ZFS Where is the geli encyption keyfile for a default zfs-on-root encrypted install?

O

opmetal

I had a disk failure so just built a new 11.1 install. On my old 10.4 system the zroot pool's geli encryption keyfile was /boot/encryption.key but now there's no such thing in /boot. I'd like to backup the keyfile but can't find it.

The "geli dump" of my boot partition makes no reference to a keyfile (I never ran this command before so don't know what it looked like on my old 10.4 system):
Code: 
 # geli dump -v ada0p3
Metadata on ada0p3:
     magic: GEOM::ELI
   version: 7
     flags: 0x82
     ealgo: AES-XTS
    keylen: 256
  provsize: 77877739520
sectorsize: 4096
      keys: 0x01
iterations: 936781
      Salt: XXXX
Master Key: YYYY
  MD5 hash: ZZZZ

Thanks!
opmetal
 
It may have been created without a keyfile. You can set a keyfile, a password or both.
 
I don't recall there being an option (or mention) in the installer of a keyfile, only the password. Is there a way to see if a keyfile exists for this provider? Not seeing anything else that's relevant in the geli manpage.

SirDice said:
It may have been created without a keyfile. You can set a keyfile, a password or both.
Click to expand...
 
To be honest I have no idea what the installer does these days. But geli(8) itself can work with a keyfile, a password or both.
 
You must log in or register to reply here.
Back
Top