From owner-freebsd-questions@FreeBSD.ORG  Fri Jan  9 15:08:13 2015
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id E4A57C08;
 Fri,  9 Jan 2015 15:08:13 +0000 (UTC)
Received: from webmail.dweimer.net (24-240-198-187.static.stls.mo.charter.com
 [24.240.198.187])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B07EEB4;
 Fri,  9 Jan 2015 15:08:12 +0000 (UTC)
Received: from www.dweimer.net (webmail [192.168.5.2])
 by webmail.dweimer.net (8.14.9/8.14.9) with ESMTP id t09F70mT002495
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Fri, 9 Jan 2015 09:07:00 -0600 (CST)
 (envelope-from dweimer@dweimer.net)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Fri, 09 Jan 2015 09:07:00 -0600
From: dweimer <dweimer@dweimer.net>
To: Patryk Hanckowiak <patryk.hanckowiak@e-safeguard.pl>
Subject: Re: custom full disk encryption with ZFS
Organization: dweimer.net
Reply-To: dweimer@dweimer.net
Mail-Reply-To: dweimer@dweimer.net
In-Reply-To: <54AFE53C.5050508@e-safeguard.pl>
References: <54AFE53C.5050508@e-safeguard.pl>
Message-ID: <93bcfc622d17ac4759e07c43f7633809@dweimer.net>
X-Sender: dweimer@dweimer.net
User-Agent: Roundcube Webmail/1.1-beta
Cc: freebsd-questions@freebsd.org, owner-freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jan 2015 15:08:14 -0000

On 01/09/2015 8:27 am, Patryk Hanckowiak wrote:
> Hello.
> The installer seems to allow for an encrypted setup using the whole
> disk ... Or can you just use the installer to install FreeBSD on
> selected partitions of the disk with the ZFS encrypted setup? Is there
> a resource that shows how to create a custom full disk encryption with
> ZFS, something similar to LVM on LUKS in Linux?
> 
> Regards,
> Patryk Hanckowiak
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "freebsd-questions-unsubscribe@freebsd.org"

FreeBSD requires part of the boot to not be encrypted, this can be done 
using a USB thumb drive if you absolutely must have the full hard disk 
encrypted.

The USB drive or unencrypted part the hard drive needs to have a copy of 
/boot portion of the installation this doesn't contain any user data so 
its fairly safe if someone sees it.

-- 
Thanks,
    Dean E. Weimer
    http://www.dweimer.net/