Howdy-ha, all. First off, let me just admit to my own ignorance and say that the title may not have strict bearing on my situation, as my present goal---two GELI-encrypted SSD partitions---may or may not be necessary, never mind possible. I'm setting up my home server with a totally new storage scheme involving two HDDs, an SSD, and ZFS, and was wondering how well ZFS and GELI play together (the "server" is a laptop, hence the encryption). I understand that ZFS automatically handles TRIM-capable devices, but I haven't been able to find out if GELI might interfere with it in some way (as it apparently does interfere with UFS + Gjournal). Here's the present game plan:
- Two HDDs with a striped zpool:
  - One 2Tb HDD with one ZFS partition, encrypted
  - One 750 Gb HDD with one ZFS partition, encrypted
- One 40Gb MSATA SSD with the following partition scheme:
  - One 2Gb partition for the base system, encrypted
  - One ~20Gb partition for the ZFS L2ARC cache, encrypted
  - One ~20Gb partition for the ZFS ZIL, encrypted
- One USB thumb drive containing /boot and the GELI keys
It seems to me that the L2ARC cache partition and ZIL partition could hold potentially sensitive data, and so should be encrypted. If encryption with GELI isn't a possibility then I may have to rethink things. The laptop does feature per-disk passwords in the BIOS menu, so if the data on those two SSD partitions is worthless outside a running system then that password should itself be suitable protection, but I can't see that being the case. Finally, I should probably point out that full system encryption isn't exactly vital---I'm mostly interested in the learning process and giving any potential burglars the finger. Thanks in advance.