geli encryption

  1. C

    Other Seeking Advice on GELI Encryption Settings

    Hi everyone, I'm new to FreeBSD and currently practicing GELI encryption with simple ZFS Pool creation and rebuild processes. I’m seeking advice for a pool I will create later. I’ve come across different setup variants during my research. I understand there's no one "correct" method as each...
  2. StreetDancer

    Solved zpool name change from default (Causes Errors post_install), Virtualized in VirtualBox 7.0 Debian-12.1.0-amd64 - FreeBSD 14.0-RELEASE-amd64 Guest O/S

    Title: zpool name change from default (Causes Errors post_install), Virtualized in VirtualBox 7.0 Debian-12.1.0-amd64 - FreeBSD 14.0-RELEASE-amd64 Guest O/S Hey everyone! My production server has been offline for over 1 year now due to unlawful Compromising. (Besides that _Fact_), I am...
  3. avgwst

    Pool 'zroot' has encountered an uncorrecrable I/O failure and has been suspended (Encrypted SSD can't resume from sleep)

    Hi! I have a problem with resuming, after one more upgrade to newer sources. System version: FreeBSD bsdlap 14.0-STABLE FreeBSD 14.0-STABLE #0 stable/14-n265656-4671836d7ba3: Sat Oct 28 13:44:15 CEST 2023 root@bsdlap:/usr/obj/usr/src/amd64.amd64/sys/MINI amd64 After resuming system seems...
  4. freebsd_user

    Failed to authenticate error... during geli attach

    I have been testing my setup on an Oracle Virtual Box, Virtual Machine Manager, and VMware with EFI turned on. I have continued FreeBSD setup up to the Partitioning step, then selected shell and entered the following, # sysctl kern.disks # gpart destroy -F ada0 # gpart create -s gpt ada0 #...
  5. freebsd_user

    Solved Shutdown stuck for dual booting Windows10 + FreeBSD with ZFS and GELI

    My goal was to install FreeBSD with GELI and ZFS alongside of currently installed Windows 10. I am testing it on an Oracle Virtual Box with EFI turned on. I have continued FreeBSD setup up to the Partitioning step, then selected shell and entered the following, gpart add -t freebsd-swap -s...
  6. byrnejb

    Solved zfs remove geli encryption

    I have a zfs pool which was originally setup as encrypted. Due to some hardware errors I replaced an encrypted member with its unencrypted counterpart. In other words: zpool replace zroot /dev/ada0p4.eli /dev/ada0p4. A second drive was also replaced and so I now have this: [root@vhost03 ~...
  7. R

    ZFS For large files ZFS recordsize can be incremented to 1M, what about the GELI sectorsize?

    Hi, When on certain pools or datasets large files will be stored, it can be an advantage to use a larger recordsize of 1M in ZFS. Suppose the pool is encrypted by GELI, would it be better or worse to align the sectorsize of GELI with the recordsize of ZFS? In general i see GELI sectorsizes of...
  8. X

    GELI, change default integrity algorithm at installation time

    Intro: Hi, I'm about to switch to FreeBSD for main dailly desktop usage, and I'm concerned about my data and slightly about performance. Context: My machine is 64bit and i know (based on what I've read online) that, SHA-512 is faster than SHA-256 on a 64bit system. Goal: So, i was wondering if...
  9. C

    Encrypted ZFS root - boot broken

    I've just had a "wonderful" time thanks to whoever maintains zfs - after doing a zpool upgrade, it told me to do It didn't even tell me that this will break my EFI boot. Granted, I was stupid to simply believe what I read and to do it anyway, since it says "mbr" in there. Here comes the...
  10. fr33bsd

    Other UnGeli On Stick

    Hi People, using freebsd you can encrypt the system pool zroot. But then you have to enter the passphrase on each boot-up. Please, excuse that I do not know that much about geli and the boot up mechanisms in freebsd. I am still learning. As far as I know you can use key files to attach a geli...
  11. fr33bsd

    ZFS Pool Performance When Using Geli

    Hi people, on one of my storage servers (12 spin disks), I run geli with AES CBC encryption due to prevent physical data hijacking by evil data center personel ;). As far as I know AES CBC is slower than AES XTC. How ever, I would like to ask you about your performance experience regarding...
  12. puppydog

    How does disk resilvering work with a geli-encrypted zfs installation?

    I saw that 13.0-RELEASE came out and so I decided to take the opportunity to move my server from CentOS back to freebsd (I was previously a longtime user of FreeBSD but I switched a while back for reasons I can't quite remember). I decided during installation that I would like to encrypt my...
  13. Aeterna

    Boot splash kills geli encrypted FreeBSD

    Hello, Just installed in VM FreeBSD on geli encrypted ZFS. All went well however after installing Xorg password prompt is hidden behind splash screen so no way to enter password. Unfortunately there is nothing to unset at boot prompt (option 3). I could just remove splash picture from single...
  14. A

    ZFS Horribly slow performance after reboot when attaching HDD with geli and mounting pool

    Hey all, I'm getting a little uncomfortable in my current situation: FreeBSD 11.3, using zfs. I just did a reboot because of some adjustments and after attaching every HDD to geli and mounting my 'tank0' the performance drops to unusable levels, mounting the pool itself takes ~1 minute. Right...
  15. B

    ZFS GELI/ZFS volumes automount

    Hi, I have tried with both Mate and KDE, but it looks like there is no automatism to mount encrypted volumes. Something like LUKS volumes automount on Linux. It shows a nice dialog box asking for the password and then does all its things. I have a usb "data disk" that I insert when needed, so it...
  16. W

    shrink a partion to split it?

    I have got a FreeBSD system that I use as Samba server. It has only one partition. I'd like to split it into two partitions with os and data and encrypt the data partition with Geli. As I understand, I cannot shrink the partition? So, if I mount the disk on another system, cp -rp the disk...
  17. D

    ZFS (solved) zfs on geli encrypted disks

    I have two drives which are both geli encrypted and have the same partition scheme. I added both to an zfs mirror pool and created some smaller partitions in that pool. After a reboot im facing these problems: I can decrypt both drives, but only the first decrypted is shown as online and the...
  18. J

    How to manage encryption keys with geli and ZFS?

    Since this is not a hard technical question it was placed in off-topic. Please let me know if I should move it. When using geli encryption on larger ZFS machines, it would seem practical to have all of the disks share the same master key so that the administrator would not have to enter a...
  19. brian

    Solved Encrypted ZFS pool stuck offline

    I have 4 disks in a RAIDZ with geli encryption. I'm currently running FreeNAS 11.2. I'm posting here because their forum doesn't have a great reputation. One of them has been having issues so I decided to pull it and run a quick test to verify things. without thinking I decided to offline the...
  20. M

    Solved Disable geli auto-attach at boot

    I encrypted a partition with geli using the directions in the FreeBSD handbook. Currently, I am asked for a password at boot, and I can use the encrypted partition, which is not mounted as root. Is it possible for me to disable this automatic geli attach so that I can do it manually after boot...
Back
Top