Here are the following commands necessary for adding a GELI encrypted partition with ZFS under FreeBSD 7.0:
For this example I used my /dev/ad1s1 partition after the modules for GELI and ZFS have been loaded or built into the kernel.
$ geli init -v -b -e aes -s 4096 -l 256 /dev/ad1s1
- Enter new passphrase:
Reenter new passphrase:
Calculating number of iterations…
Done, using 47492 iterations.
Metadata value stored on /dev/ad1s1.
Done.
[$ echo 'hint.kbdmux.0.disabled="1"' > /boot/device.hints]
$ geli attach /dev/ad1s1
- Enter passphrase:
$ ls /dev/ad1s1*
- /dev/ad1s1 /dev/ad1s1.eli
$ zpool create -m /var/mybackups backups /dev/ad1s1.eli
$ zpool list
- NAME SIZE USED AVAIL CAP HEALTH ALTROOT
backups 189G 24.3G 165G 12% ONLINE -
$ vim /etc/fstab
- backups /var/mybackups zfs rw,noauto 0 0
Thanks to Rink Springer for his helpful article:
Encrypting your laptop with ELI and ZFS
Along with the links that helped him:
http://www.wanda25.de/geli.html
http://wiki.freebsd.org/ZFSOnRoot