Where to find a guide about install FreeBSD with UEFI/ZFS/FULL+SWAP ENCRYPTION and keylength=512 on One DISK stripped

[dahikino]

Hello all,

I search the way to install FreeBSD to replace my main system under Arch Linux but with some constraints !
I'm newbie on FreeBSD. I wanted to use the standard installer but i see that i can not change the keylength of the encryption !

it is possible to change the default value of the installer ?

Best Regards.

 

[T-Daemon]

it is possible to change the default value of the installer ?

On the installer image, in file /usr/libexec/bsdinstall/zfsboot, edit lines down below, replace value of 256 (geli(8)):

196 GELI_PASSWORD_INIT='geli init -b -B "%s" -e %s -J - -K "%s" -l 256 -s 4096 "%s"'
197 GELI_PASSWORD_GELIBOOT_INIT='geli init -bg -e %s -J - -l 256 -s 4096 "%s"'

 

[T-Daemon]

Should have read the man page first, geli(8) doesn't accept a key length higher than 256, sorry dahikino.

 

[rigoletto@]

ZFS has native encryption now and you may just fall to console before actually installing to activate it (or do after the installation but just then new written data will be encrypted, and IIRC once set ON it cannot be set OFF) . I regards to swap, this is of little to no relevance if done during installation or not. You can switch it on/off, change the algorithms etc. at any time.

Just don't ask me more details about the ZFS native encryption because I don't use it.