encryption

This is probably a trivial question, but I'm failing to figure it out myself after reading a lot of documentation. I've my laptop running an up-to-date 13.0-RELEASE, with zfs on top of geli. So, datasets are *not* encrypted, but encryption is done on the lower level. I've a single snapshot in...

I was trying to create an encrypted zfs filesystem today and I got an error, so i tried to check the version and that gives me an error as well. Am I missing something? % sudo zfs create -o compression=lz4 -o encryption=on -o mountpoint=/mnt/zusb-backup -o keyformat=raw -o...

Does FreeBSD 12.2-RELEASE support creating ZFS pools with Self Encrypting Drive (SED) hard drives? I am trying to source drives for a new NAS and am struggling to find non-SED drives. Searching the forum and googling I only found threads discussing the merits of SED, not whether it is actually...

How to change passphrase for encrypted ZFS disk for FreeBSD 13? I saw this post, but "/boot/encryption.key" is not found. Do I change the passphrase by booting into the disk, or booting into the install-disk? And, if I boot into the install-disk, how do I mount the specific partition to change...

Why would you encrypt a zfs zvol device with gbde ? Because you can, and it is easy. 1.You stay away from system,boot&root partitions so you don't have boot problems. 2. Most private data is relative small. And fits in one directory with subdirectories. Note : zfs allows encryption by itself but...

Background: I set up a server with mail/ssmtp and sysutils/logwatch because I wanted to painlessly monitor system security. Logwatch sent me a nice email, pretty much out-of-the-box, but when I read it I realized that the information in the body is sensitive. So I asked myself: why not encrypt...

Is there a reason, security or other, that rc.d/zfs script does not contain the -l and -u flags for mount and unmount respectively? Or alternatively a load-key -a before mount and unload-key -a after unmount (this is better for datasets that dont mount but have subsets that do) I double...

I've set up remote VPS systems with GELI disk encryption, including swap encryption, during FreeBSD 12.2 installation. I've locked down SSH quite securely too so I presume now when remoting in, security is reasonably assured. I want to address the possibility that within the VPS terminal's web...

Made a post earlier about theoretical hidden directories attack vectors and PEFS. This is a simple question about a problem I'm having. Inside a jail. With allow.mount; and enforce_statfs="0"; in /etc/jail.conf, I am getting the error message root@jail:/home/user # ls -I test...

I am new to BSD. What I'd like to do is mirroring two SSDs and encrypting everything that is possible. I mean the entire OS and even the swap partition (I guess BSD has one too). As far as I understand as long as the motherboard does not support booting with encrypted disks I have to keep the...

Hello! I have FreeBSD 12 installation with GELI encrypted ZFS root partition (created automatically from the installer). But now, my HW died and I need to import and mount the root filesystem as external disk. How can I mount this GELI encrypted ZFS root partition manually please? Note: In the...

ETSI releases cryptographic standards for secure access control.

The other day I got a new backup HDD so I can rotate my external disks and take them offsite in case my house blows up. I enjoy disk encryption on these sorts of drives that will be stored safely and the data is inaccessible. However, after backing up my data I realized that I didn't employ ZFS...

Helo, I want encrypt external USB drive, at this moment I use dm-crypt (XFS filesystem), but I cannot read this drive under freeBSD. Do you know any software, which can encrypt drive and it will work on Linux and FreeBSD? At this moment i think about TrueCrypt,but maybe you know something better.

I set up my FreeBSD-desktop nearly a year ago but with unencrypted disks (please don't ask…). Now I am in the need to encrypt at least the home directory of my user. What would be the best way to do that without reinstalling my system? I have two disks in one zpool-mirror taking up the whole...

I'm intending to encrypt a disk to be used for date backups via a USB connected external drive enclosure (Sabrent). gbde looks like the way to go but I don't see specific mention in the handbook about its use when mounting a disk after system boot. Anyone here have experience in this? thanks!

Hi, I'm new to FreeBSD and learning about geli encryption. I've setup a system using the FreeBSD 11.1 installer. The storage setup is 4x 6TB disks using zfs. Using the installer I chose a RAID 1+0 setup (using all four disks), with full-disk encryption. The installer created 2 zfs pools...

Hello, I have exactly the same problem, which is also described in this thread. However, the solution does not work for me. Before the beastie menu, the boot loader asks for the password. No matter what I enter there, the boot process continues. Later, when the root system is to be mounted...

FreeBSD Geli encrypted container FreeBSD geli encrypted container with zfs, truecrypt replacement Code on Github Support for geli is available as a loadable kernel module. To configure the system to automatically load the module at boot time, add the following line to /boot/loader.conf...

I'm new to FreeBSD but I have experience with Linux distributions. I'm very happy with FreeBSD so far. I used the guided encryption zfs option also I have raidz with 4xHDD. The encryption key is on boot pool at /boot/encryption.key, right? I also have encrypt every HDD with geli use new key and...