Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 14 Jan 2009 18:59:54 +0100
From:      Roland Smith <>
To:        Johann Hasselbach <>
Subject:   Re: freebsd encrypted hard disk?
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jan 14, 2009 at 12:23:09PM -0500, Johann Hasselbach wrote:
> I read the "encrypting disk partitions" section of the Handbook. What
> is the preferred method nowdays, geli or gbde?

Geli seems to be the preferred method these days. It is also what I use
to encrypt my /home. It works without problems for me.

A geli-encrypted device gets the extension .eli. The boot scripts handle
it automatically when they see an .eli device in /etc/fstab. Depending
on how you configured it you might have to give the passphrase.

You can even encrypt your root directory, but in that case I think
you'll need an unencrypted partition for /boot.

> Is there another method that would be better?

Depends on what you define as better. I don't think so. Geli is
convenient and seems to work well. On modern machines the performance
penalty is slight. It supports well-regarded encryption algorithms like
AES and Blowfish.

[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v2.0.9 (FreeBSD)



Want to link to this message? Use this URL: <>