Sender: Devin Teske
To: "'Matthew Seaman'"
Subject: RE: FreeBSD 10 RELEASE amd64 how to install on single drive with encrypted ZFS root?
Date: Fri, 7 Mar 2014 10:18:12 -0800
Cc: freebsd-questions@freebsd.org, owner-freebsd-questions@freebsd.org

> -----Original Message-----
> From: dweimer [mailto:dweimer@dweimer.net]
> Sent: Friday, March 7, 2014 6:18 AM
> To: Matthew Seaman
> Cc: freebsd-questions@freebsd.org; owner-freebsd-questions@freebsd.org
> Subject: Re: FreeBSD 10 RELEASE amd64 how to install on single drive with
> encrypted ZFS root?
>
> On 03/07/2014 3:28 am, Matthew Seaman wrote:
> > On 03/07/14 08:10, David Christensen wrote:
> >> The FreeBSD manual covers 9 and the wiki "Root on ZFS" article covers
> >> 8.
> >>
> >> STFW I've found several things for 9, but no direct hits for 10 with
> >> encrypted ZFS root. (There is a Flash video that might cover it, but
> >> I don't do Adobe.)
> >
> > The 10.0 installer does ZFS natively, which is why you can't find any
> > instructions on how to set up ZFS manually on that platform.
> >
> > However, to set up an encrypted root, you'll need to set up the
> > encrypted partition with geli and then set up your ZFSes on top of
> > that. Which is basically a manual job.
> >
> > You can follow the instructions here:
> >
> > https://wiki.freebsd.org/RootOnZFS/GPTZFSBoot/9.0-RELEASE
> >
> > except that after item (7) -- gnop -- you'll need to insert creating
> > your encrypted partitions and then modify the subsequent bits to refer
> > to the /dev/gpt/foo.eli devices you create. As far as ZFS goes, the
> > sequence is essentially the same for 9.0 as for 10.0 except that
> > wherever it says to use lzjb, you should substitute lz4.
> >
> > Cheers,
> >
> > Matthew
>
> Actually, when using the 10 installer after you select ZFS install, you get an
> options screen that allows you to configure it to use encryption.
>
> Full options configurable are as follows:
> Pool Type/Disks
> Pool Name
> Force 4k Sectors
> Encrypt Disks
> Partition Scheme
> Swap Size
>
> I did a test install in vmware with the encryption options with no problems.
> However I did end up choosing the manual method when I did my laptop setup
> for one simple reason. I wanted to understand it fully in case I ran into a boot
> issue down the road and needed to go through a recovery process, and couldn't
> think of a better way to know I understood it better than manually doing the setup.
>

[Devin Teske]

http://www.bsdnow.tv/tutorials/fde

There's a shiny picture at the bottom that shows the option that you need to select.
The page is also good for explaining the full picture for each generation.
As you can see, the section on 10.0 is pretty short-and-sweet.
--
Devin
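
The ordering Matthew Seaman describes in the quoted text (geli provider first, pool on the .eli device, lz4 in place of lzjb), as an added example that is not part of the original messages, with a check that no leaf vdev in `zpool status` output bypasses geli. It covers only the encryption layer and the pool, not the boot partition or loader configuration. Assumptions: the label disk0, pool name zroot, altroot /mnt, the geli cipher options and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: GPT label disk0, pool
# zroot, altroot /mnt. Covers only the geli layer and the pool built on it.
DRYRUN=${DRYRUN:-1}   # 1 = print the commands instead of running them

run() { if [ "$DRYRUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Create the geli provider first, then build the pool on the .eli device.
encrypted_pool() {
    label=$1 pool=$2
    case $label in
        ''|*[!A-Za-z0-9_-]*) echo "bad GPT label: $label" >&2; return 1 ;;
    esac
    dev=/dev/gpt/$label
    # -b: ask for the passphrase at boot; -s 4096: 4k sectors (assumed options)
    run geli init -b -e AES-XTS -l 256 -s 4096 "$dev" || return 1
    run geli attach "$dev" || return 1      # creates $dev.eli
    run zpool create -o altroot=/mnt "$pool" "$dev.eli" || return 1
    run zfs set compression=lz4 "$pool"     # lz4 where the 9.0 page says lzjb
}

# Read `zpool status` text on stdin and print every leaf vdev that is not a
# geli device. No output means the whole pool sits on .eli providers.
plaintext_vdevs() {
    awk '
        $1 == "pool:"     { pool = $2; next }
        $1 == "NAME"      { in_cfg = 1; next }
        in_cfg && NF == 0 { in_cfg = 0; next }
        !in_cfg || $1 == pool { next }
        $1 ~ /^(mirror|raidz[0-9]*|logs|cache|spares)(-[0-9]+)?$/ { next }
        $1 !~ /\.eli$/    { print $1 }
    '
}

# Constructed sample output: a mirror where one side bypasses geli.
SAMPLE_STATUS='  pool: zroot
 state: ONLINE
config:

    NAME               STATE     READ WRITE CKSUM
    zroot              ONLINE       0     0     0
      mirror-0         ONLINE       0     0     0
        gpt/disk0.eli  ONLINE       0     0     0
        gpt/disk1      ONLINE       0     0     0

errors: No known data errors'

encrypted_pool disk0 zroot
printf '%s\n' "$SAMPLE_STATUS" | plaintext_vdevs
```

With DRYRUN=0 the commands run for real and geli init prompts for the passphrase.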