Date: Sat, 16 May 2020 11:51:22 +0200 From: Thomas Zander <thomas.e.zander@googlemail.com> To: stable@freebsd.org Cc: allanjude@freebsd.org Subject: State of encrypted-almost-everything on ZFS in 2020 Message-ID: <CAFU734wh-2MtqF3XUbCwE5wbCLDhdWqtSsJWUdL4i4hgJvS62A@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi, can the following be done these days? - Encrypted ZFS root pool on RAID-Z - Supply the key for the encrypted root pool during boot via USB thumb drive - No keyboard is attached to the machine - No /boot on the thumb drive, just the key - I don't mind if /boot is encrypted or not (the use case is not to protect against nation state attackers) - Bonus points if I can use bectl Every single posting regarding this topic I can find always comes down to either a) One needs /boot on the thumb drive, or b) One uses a keyboard and supplies a passphrase instead of a keyfile. I'd like to have a setup where essentially nothing is stored on the USB drive except the keyfile. Thank you and best regards Riggs
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFU734wh-2MtqF3XUbCwE5wbCLDhdWqtSsJWUdL4i4hgJvS62A>