Date: Sun, 12 Jan 2020 16:30:13 +0000
From: Ben Lavery <ben.lavery@hashbang0.com>
To: freebsd-questions@freebsd.org
Subject: Using GELI on boot disk with GPT labels?
Message-ID: <e07b4997-f285-153b-01d3-097c94d08ebf@hashbang0.com>

Hi all,

I've recently bought my first home server and am planning to run FreeBSD 12.1-RELEASE on it. I would like to GELI encrypt (password based) all of the hard drives I put into the server so that if/when they fail I can safely and confidently dispose of them.

When setting up the server, I followed a number of recommendations to use GPT labels for disks with a naming scheme that would allow me to easily identify where failed disks physically are in the server (there are 12 bays).

However, when I booted up the server after installing on an installer-configured zpool with GELI encryption, I noted that the disk IDs (e.g. da0p3) were being used, and this seemed to extend to disks in different (non-root) zpools.

I decided to do an experiment in VirtualBox with FreeBSD 12.1-RELEASE:

1. To install FreeBSD on ZFS with GELI encryption
   https://gist.github.com/forquare/b4e12938b1240238ef64e3d6ba5d9669
2. To install FreeBSD on ZFS without GELI
   https://gist.github.com/forquare/8049282d742c94b67f08a81d828e8d13

(Links above show commands + output/details of installation)

I found that when I didn't use GELI I was able to use GPT labels; however, when I _did_ use GELI, GPT labels were not available to me.

Is there a way to encrypt my boot pool _and_ use GPT labels? If not, I would be interested to learn why.

Many thanks,
Ben