From owner-freebsd-questions@FreeBSD.ORG Fri Mar 7 09:28:55 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E53A99C8 for ; Fri, 7 Mar 2014 09:28:54 +0000 (UTC) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 886F433C for ; Fri, 7 Mar 2014 09:28:54 +0000 (UTC) Received: from ox-dell39.ox.adestra.com (no-reverse-dns.metronet-uk.com [85.199.232.226] (may be forged)) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.8/8.14.8) with ESMTP id s279SaM8042062 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Fri, 7 Mar 2014 09:28:44 GMT (envelope-from m.seaman@infracaninophile.co.uk) DKIM-Filter: OpenDKIM Filter v2.8.3 smtp.infracaninophile.co.uk s279SaM8042062 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infracaninophile.co.uk; s=201001-infracaninophile; t=1394184525; bh=J5Aykt3hWXyQWyeMhxtD1LsbelohXfSsxJn5o63oVFQ=; h=Date:From:To:Subject:References:In-Reply-To; z=Date:=20Fri,=2007=20Mar=202014=2009:28:29=20+0000|From:=20Matthew =20Seaman=20|To:=20freebsd-questi ons@freebsd.org|Subject:=20Re:=20FreeBSD=2010=20RELEASE=20amd64=20 how=20to=20install=20on=20single=20drive=20with=0D=0A=20encrypted= 20ZFS=20root?|References:=20<53197EF6.4070902@holgerdanske.com>|In -Reply-To:=20<53197EF6.4070902@holgerdanske.com>; b=KHEpLXaLSH7FMBFaTjorc0SJrc2fvDZ+k3FWQusYosbMDEgBjZh83CPeKY91Ku/P5 FY24IoWv39zsqsT9uV4TrC6/tcha+cXJbhzQTPpjhnq+VuUBSTdfRbaoASwXSbhSfx 83JsU7k1mmBfLpiqz4NSimHC2Pc6w8LF+qaZN7As= X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host no-reverse-dns.metronet-uk.com [85.199.232.226] (may be forged) claimed to be ox-dell39.ox.adestra.com Message-ID: <5319913D.4040207@infracaninophile.co.uk> Date: Fri, 07 Mar 2014 09:28:29 +0000 From: Matthew Seaman User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: FreeBSD 10 RELEASE amd64 how to install on single drive with encrypted ZFS root? References: <53197EF6.4070902@holgerdanske.com> In-Reply-To: <53197EF6.4070902@holgerdanske.com> X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="RcRQV5J7H1ubFAKBErWNEcVQ6CVPUEEdg" X-Virus-Scanned: clamav-milter 0.98.1 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-1.6 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RDNS_NONE autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Mar 2014 09:28:55 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --RcRQV5J7H1ubFAKBErWNEcVQ6CVPUEEdg Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 03/07/14 08:10, David Christensen wrote: > The FreeBSD manual covers 9 and the wiki "Root on ZFS" article covers 8= =2E >=20 > STFW I've found several things for 9, but no direct hits for 10 with > encrypted ZFS root. (There is a Flash video that might cover it, but I= > don't do Adobe.) The 10.0 installer does ZFS natively, which is why you can't find any instructions on how to set up ZFS manually on that platform. However, to set up an encrypted root, you'll need to set up the encrypted partition with geli and then set up your ZFSes on top of that. Which is basically a manual job. You can follow the instructions here: https://wiki.freebsd.org/RootOnZFS/GPTZFSBoot/9.0-RELEASE except that after item (7) -- gnop -- you'll need to insert creating your encrypted partitions and then modify the subsequent bits to refer to the /dev/gpt/foo.eli devices you create. As far as ZFS goes, the sequence is essentially the same for 9.0 as for 10.0 except that wherever it says to use lzjb, you should substitute lz4. Cheers, Matthew --RcRQV5J7H1ubFAKBErWNEcVQ6CVPUEEdg Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTGZFEXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnUSsP/3J2cvdfrOMNC9QO8IEDX7Mo GSaDCL7mP2H+lspj14cJ3mA8ZRGUT4mvkWjqoaJ+4NEmXelilGrZk6tgenqTTlvp cPsrtfkpXujPubFFLJQ33RmQEQyq1DzoZcOAwpnH6uA9UkXAkznP/VjmG9peIiv4 +TeKzn4EheWobUnZK+c3sHNbdDlnPtc+mpuYt7rPpLL04oJVNJUVhASFL5nbNyng 0LPh6TW5J8auTfu8jtJzCuljq/2Wi4+UU2EVLeU16Q3R1eXfER2Qe6prc0cTPJJE pHGbuZrogjt3SuTkQwlFERcrKWvJsiLX7Qu06MzZzbxOUTLDhXE3Qw9RH5l5dAGr dIUw6P9b2XwmgCHcuYTPNg6KBZDJvXp6bK9aVTsGgdvKsfJyCfQFEpzDvmL3gw/U EdA/Qqqd0qF2FL/l3g5WS011kIQZ/9/XT6QRZFkM4WeLX5dfiCqahwcU5B2ifB81 k5ig5rnG2UPdzAasS4xShmk5+CYyrfdMJdgLvu82nCC/Q7FkaA/IYcwlVCaUtQDl O+bI3Gd7PGMZ3gWdNp7GWCJdu/qeimiNeTjYl2a1/4EgspTGqvn8Zl7Sb7TiU5YE m5HHc82/mtNkZ22bJAWlfUr8UYN54J4Kek7wxdSBgOSWjphPBJDyOi9SpZL4zoXV EbnAT3t1FpQgByzSFQrX =Li/p -----END PGP SIGNATURE----- --RcRQV5J7H1ubFAKBErWNEcVQ6CVPUEEdg--