Date:      Tue, 14 Jul 2020 20:13:54 +0200 (CEST)
From:      Christian Kratzer <ck-lists@cksoft.de>
To:        Allan Jude <allanjude@freebsd.org>
Cc:        freebsd-fs@freebsd.org
Subject:   Re: gptzfsboot targeting wrong vdev
Message-ID:  <alpine.BSF.2.22.395.2007142010540.82939@nocfra1.cksoft.de>
In-Reply-To: <e6627d93-b61e-a1dd-1b94-9ea9bd9d3d73@freebsd.org>
References:  <alpine.BSF.2.22.395.2007061453250.82939@nocfra1.cksoft.de> <9400f5f0-e267-932c-b1ce-8436748cf2c0@FreeBSD.org> <78024f0d-4889-713e-15a5-56ec6d8d82b3@freebsd.org> <alpine.BSF.2.22.395.2007131155560.82939@nocfra1.cksoft.de> <d1b537da-8a94-4e12-4d45-b4318db2fbb8@freebsd.org> <alpine.BSF.2.22.395.2007131953300.82939@nocfra1.cksoft.de> <e6627d93-b61e-a1dd-1b94-9ea9bd9d3d73@freebsd.org>


Hi,

On Mon, 13 Jul 2020, Allan Jude wrote:
<snipp/>
> So are your SLOG devices not encrypted? That seems like an oversight,
> since any synchronous writes will be written to the SLOG first.

Yes, the SLOG devices are not encrypted.  And /boot/keys contains the keys.

All of the above are on the ada0, ada1 M.2 SSD devices.

The main threat scenario I am protecting against is disposal of end-of-life
or broken disks in the main pool.

If I wanted to protect ada0/1 I would need to fall back to booting from
a separate external device again that also includes the keys.

Greetings
Christian

-- 
Christian Kratzer                   CK Software GmbH
Email:   ck@cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/


