I am installing and trying to decide if I want to install zfs on top of geli. I am trying to learn if there are any downsides other than entering a passphrase at boot and possibly more resources. I guess the complexity is increased. I would like to use boot environments too; are there any limitations when / is encrypted? Thanks!
I have read Absolute FreeBSD; it's a little older and references version 11. It states there is a limitation when using GELI:
"Boot environments do not work when a host requires a separate boot pool.
The installer handles boot pools for you. They appear when combining UEFI
and GELI, or when using ZFS on an MBR-partitioned disk."
During my testing, though, I wasn't able to reproduce any issue. There is a separate FAT boot efi partition, but that would be on a geli or non-geli install. /boot is included in the / dataset. I guess I am being cautious. I am afraid to get down the road and find that zfs on geli prevents me from doing something or makes life hard for no reason. I really only want my file data set encrypted, but thought if there weren't any downsides to / being encrypted I would do that too.