From owner-freebsd-geom@FreeBSD.ORG  Tue Sep 22 10:37:07 2009
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 589D31065676
	for <freebsd-geom@freebsd.org>; Tue, 22 Sep 2009 10:37:07 +0000 (UTC)
	(envelope-from petefrench@ticketswitch.com)
Received: from constantine.ticketswitch.com (constantine.ticketswitch.com
	[IPv6:2002:57e0:1d4e:1::3])
	by mx1.freebsd.org (Postfix) with ESMTP id 1F2578FC12
	for <freebsd-geom@freebsd.org>; Tue, 22 Sep 2009 10:37:06 +0000 (UTC)
Received: from dilbert.rattatosk ([10.64.50.6] helo=dilbert.ticketswitch.com)
	by constantine.ticketswitch.com with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.69 (FreeBSD)) (envelope-from <petefrench@ticketswitch.com>)
	id 1Mq2jy-000OeK-EO; Tue, 22 Sep 2009 11:36:58 +0100
Received: from petefrench by dilbert.ticketswitch.com with local (Exim 4.69
	(FreeBSD)) (envelope-from <petefrench@ticketswitch.com>)
	id 1Mq2jy-000Gq4-DV; Tue, 22 Sep 2009 11:36:58 +0100
To: a.n.s.i@gmx.net, freebsd-geom@freebsd.org
In-Reply-To: <20090921143821.27380@gmx.net>
Message-Id: <E1Mq2jy-000Gq4-DV@dilbert.ticketswitch.com>
From: Pete French <petefrench@ticketswitch.com>
Date: Tue, 22 Sep 2009 11:36:58 +0100
Cc: 
Subject: Re: geom_eli, N disks, zfs
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Sep 2009 10:37:07 -0000

> Is there any better way to configure a system to encrypt N-disk with passphrase for using under zfs as write in loader.conf following:

I use a very short separate partition as the keyfile, decrypt that
once and then use it to decrypt the others. My rc.conf looks like
this:

	geli_autodetach="NO"
	geli_devices="ad4s1e ad6 ad8"
	geli_ad6_flags="-p -k /dev/ad4s1e.eli"
	geli_ad8_flags="-p -k /dev/ad4s1e.eli"

which is a bit shorter than yours :-) ad4s1 is 5 sectors (i.e. 2560
bytes) hence ad4s1.eli is 2048 bytes. I initialised it with random
data before encrypting the other discs and I keep a backup of
the 4 sectors elsewhere just in case...

-pete.