Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 7 Mar 2014 10:18:12 -0800
From:      <dteske@FreeBSD.org>
To:        <dweimer@dweimer.net>, "'Matthew Seaman'" <m.seaman@infracaninophile.co.uk>
Cc:        freebsd-questions@freebsd.org, owner-freebsd-questions@freebsd.org
Subject:   RE: FreeBSD 10 RELEASE amd64 how to install on single drive with encrypted ZFS root?
Message-ID:  <1a6b01cf3a31$9aa7f220$cff7d660$@FreeBSD.org>
In-Reply-To: <10334f5b74b05d9445d071bd08f73a24@dweimer.net>
References:  <53197EF6.4070902@holgerdanske.com> <5319913D.4040207@infracaninophile.co.uk> <10334f5b74b05d9445d071bd08f73a24@dweimer.net>

next in thread | previous in thread | raw e-mail | index | archive | help


> -----Original Message-----
> From: dweimer [mailto:dweimer@dweimer.net]
> Sent: Friday, March 7, 2014 6:18 AM
> To: Matthew Seaman
> Cc: freebsd-questions@freebsd.org; owner-freebsd-questions@freebsd.org
> Subject: Re: FreeBSD 10 RELEASE amd64 how to install on single drive with
> encrypted ZFS root?
> 
> On 03/07/2014 3:28 am, Matthew Seaman wrote:
> > On 03/07/14 08:10, David Christensen wrote:
> >> The FreeBSD manual covers 9 and the wiki "Root on ZFS" article covers
> >> 8.
> >>
> >> STFW I've found several things for 9, but no direct hits for 10 with
> >> encrypted ZFS root.  (There is a Flash video that might cover it, but
> >> I don't do Adobe.)
> >
> > The 10.0 installer does ZFS natively, which is why you can't find any
> > instructions on how to set up ZFS manually on that platform.
> >
> > However, to set up an encrypted root, you'll need to set up the
> > encrypted partition with geli and then set up your ZFSes on top of
> > that.
> > Which is basically a manual job.
> >
> > You can follow the instructions here:
> >
> >    https://wiki.freebsd.org/RootOnZFS/GPTZFSBoot/9.0-RELEASE
> >
> > except that after item (7) -- gnop -- you'll need to insert creating
> > your encrypted partitions and then modify the subsequent bits to refer
> > to the /dev/gpt/foo.eli devices you create.  As far as ZFS goes, the
> > sequence is essentially the same for 9.0 as for 10.0 except that
> > wherever it says to use lzjb, you should substitute lz4.
> >
> > 	Cheers,
> >
> > 	Matthew
> 
> Actually, when using the 10 installer after you select ZFS install, you
get an
> options screen that allows you to configure it to use encryption.
> 
> Full options configurable are as follows:
> Pool Type/Disks
> Poll Name
> Force 4k Sectors
> Encrypt Disks
> Partition Scheme
> Swap Size
> 
> I did a test install in vmware with the encryption options with no
problems.
> However I did end up choosing the manual method when I did my laptop setup
> for one simple reason.  I wanted to understand it fully in case I ran into
a boot
> issue down the road and needed to go through a recovery process, and
couldn't
> think of a better to know I understood it better than manually doing the
setup.
> 
[Devin Teske] 

http://www.bsdnow.tv/tutorials/fde

There's a shiny picture at the bottom that shows the option that you need to
select.
The page is also good for explaining the full picture for each generation.
As you can
see, the section on 10.0 is pretty short-and-sweet.
-- 
Devin

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1a6b01cf3a31$9aa7f220$cff7d660$>