Subject: Re: OpenZFS port updated
To: Allan Jude, freebsd-current@freebsd.org
From: Mel Pilgrim
Date: Sun, 19 Apr 2020 05:39:38 -0700

On 2020-04-18 18:16, Allan Jude wrote:
> If you still have a bootpool, you can migrate to a single pool (so boot
> environments work), using these instructions:
> https://ftfl.ca/blog/2016-09-17-zfs-fde-one-pool-conversion.html
>
> If the pool would boot without GELI, it still will with GELI, however,
> if you use any of the newer features not supported by the boot loader,
> then it will not be able to read the kernel from the boot (encrypted or not)

My use case requires unattended booting and never storing the keyfiles on the disks to which they correspond so that, in the event of a disk failure, it can be recycled or sent back to the OEM safely.

AFAIK the userkey files have to be on the same filesystem as the loader, which, for this use case, requires /boot be separate?