State of encrypted-almost-everything on ZFS in 2020
Thomas Zander
thomas.e.zander at googlemail.com
Sat May 16 09:51:52 UTC 2020

Hi,

can the following be done these days?

- Encrypted ZFS root pool on RAID-Z
- Supply the key for the encrypted root pool during boot via USB thumb drive
- No keyboard is attached to the machine
- No /boot on the thumb drive, just the key
- I don't mind if /boot is encrypted or not (the use case is not to
  protect against nation state attackers)
- Bonus points if I can use bectl

Every single posting regarding this topic I can find always comes down to either
a) One needs /boot on the thumb drive, or
b) One uses a keyboard and supplies a passphrase instead of a keyfile.

I'd like to have a setup where essentially nothing is stored on the
USB drive except the keyfile.

Thank you and best regards
Riggs

More information about the freebsd-stable mailing list