From: Wojciech Puchar
Date: Wed, 1 Jun 2016 16:29:16 +0200 (CEST)
To: Eric McCorkle
Cc: Konstantin Belousov, freebsd-hackers@freebsd.org, Allan Jude
Subject: Re: EFI GELI support ready for testers

> It's undesirable because the whole point of ZFS is to have one ZFS volume for the whole system.

This sounds more like a religious dogma than anything else.

What if I run a single disk (or mirrored 2 disk) system, no ZFS, but I want everything encrypted by GELI and want only one partition?

Will you write a special bootloader that would be hidden unencrypted on the geli volume?

Will you write 10000 special bootloaders to cope with 10000 cases of configuration FreeBSD admins want to have in the world?

Or maybe - in the future admins would not be allowed to decide and there will be only one allowed storage configuration - a ZFS volume occupying all disks, with a bootloader designed for that one case?

Seems I made the right decision about a year ago to stick to FreeBSD-10.(between 0 and 1) and then manually apply only security patches and once backport a needed driver from a newer one....