Date: Tue, 22 Sep 2009 11:36:58 +0100 From: Pete French <petefrench@ticketswitch.com> To: a.n.s.i@gmx.net, freebsd-geom@freebsd.org Subject: Re: geom_eli, N disks, zfs Message-ID: <E1Mq2jy-000Gq4-DV@dilbert.ticketswitch.com> In-Reply-To: <20090921143821.27380@gmx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> Is there any better way to configure a system to encrypt N-disk with passphrase for using under zfs as write in loader.conf following: I use a very short separate partition as the keyfile, decrypt that once and then use it to decrypt the others. My rc.conf looks like this: geli_autodetach="NO" geli_devices="ad4s1e ad6 ad8" geli_ad6_flags="-p -k /dev/ad4s1e.eli" geli_ad8_flags="-p -k /dev/ad4s1e.eli" which is a bit shorter than yours :-) ad4s1 is 5 sectors (i.e. 2560 bytes) hence ad4s1.eli is 2048 bytes. I initialised it with random data before encrypting the other discs and I keep a backup of the 4 sectors elsewhere just in case... -pete.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1Mq2jy-000Gq4-DV>