Date: Sun, 18 Nov 2018 17:06:15 +0100
From: Marco Steinbach <coco@executive-computing.de>
To: "Kevin P. Neal" <kpn@neutralgood.org>
Cc: freebsd-geom@freebsd.org
Subject: Re: eli encrypted providers for zfs raidz1
Message-ID: <20181118170615.6ccc920d@bsdbuch.c0c0.intra>
In-Reply-To: <20181118060011.GA94938@neutralgood.org>
References: <20181116231809.40a8f74c@bsdbuch.c0c0.intra> <CAOc73CDsY0CtuZxgkH0HEBrxQ%2BSS8gGHTt4MpjUWJLm3h-wBMA@mail.gmail.com> <20181117230809.428ed59a@bsdbuch.c0c0.intra> <20181118060011.GA94938@neutralgood.org>

On Sun, 18 Nov 2018 01:00:11 -0500
"Kevin P. Neal" <kpn@neutralgood.org> wrote:

> On Sat, Nov 17, 2018 at 11:08:09PM +0100, Marco Steinbach wrote:
> > I think I'll start by looking at how encrypted swap is mounted --
> > since, oddly, I have 11.2 occasionally ask me again for the eli
> > swap providers passphrase during boot from an encrypted zroot. The
> > system was installed using the encrypted swap and zroot option of
> > the installer.
>
> I thought encrypted swap was considered not a good idea. Am I wrong
> that it can, in some circumstances, result in deadlocks in low RAM
> situations?
>

Putting swap on an encrypted ZVOL might end the system up in a deadlock
according to https://wiki.freebsd.org/ZFSQuickStartGuide -- I am
running my swap off of a separate swap partition.

For reference, I also wanted crashdumps to work with my encrypted swap
partition, and was pleasantly surprised that all I needed to do was
add 'late' to the eli swap fstab entries' options, and then point
dumpdev to the underlying partition. I panicked the system using
debug.kdb.panic, and after rebooting, my crashdump sat in /var/crash.

Since this leaks a lot of unencrypted information to the swap
partition, I'll only enable this if I really need it.

Kind regards,
CoCo
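
Added example, not part of the message above or of FreeBSD itself: a small sh audit for the trade-off the message describes, reporting when dumpdev points at the raw partition beneath a .eli swap entry, so that crash dumps land there unencrypted. The device names are constructed placeholders, and it assumes dumpdev is set as a full /dev/... path in an rc.conf-style file.

```shell
#!/bin/sh
# Added example: find eli swap entries whose backing partition is also the
# kernel dump device. Sample device names are constructed placeholders.

# Print "<backing-provider> <late|nolate>" for every .eli swap entry in fstab.
eli_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" && $1 ~ /\.eli$/ {
        dev = $1; sub(/\.eli$/, "", dev)
        n = split($4, opts, ","); late = "nolate"
        for (i = 1; i <= n; i++) if (opts[i] == "late") late = "late"
        print dev, late
    }' "$1"
}

# Print the value of dumpdev from an rc.conf-style file (last assignment wins).
rc_dumpdev() {
    sed -n 's/^[[:space:]]*dumpdev=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Print one finding per match. Returns 1 if dumps would be written to the
# partition underneath an eli swap device, 0 otherwise.
audit_dump_leak() {
    fstab=$1 rcconf=$2 found=0
    dump=$(rc_dumpdev "$rcconf")
    for entry in $(eli_swap_entries "$fstab" | tr ' ' ':'); do
        dev=${entry%%:*} late=${entry##*:}
        if [ "$dump" = "$dev" ]; then
            echo "LEAK $dev ($late): crash dumps are written here unencrypted"
            found=1
        fi
    done
    return $found
}

# Constructed sample input, used only when the script is run with "demo".
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    printf '%s\n' '/dev/ada0p3.eli none swap sw,late 0 0' > "$tmp/fstab"
    printf '%s\n' 'dumpdev="/dev/ada0p3"' > "$tmp/rc.conf"
    audit_dump_leak "$tmp/fstab" "$tmp/rc.conf" || echo "review before enabling"
    rm -rf "$tmp"
fi
```

On a real system the two arguments would be /etc/fstab and /etc/rc.conf.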
