Hello mailing list,
I'm trying to realize a specific encrypted setup on my FreeBSD machine at
home.
For now I have a raidz2 pool, which did contain root - however it doesn't
boot any longer.
I have a dedicated SATA disk with UEFI boot code and /boot data, so this
works and I can bootup.
What I want to do now is encrypt the devices of the pool,
which should work in general because I can boot the kernel and thus the
kernel should be able to decrypt the required disk devices.
My issue is now that if I find anything on Google etc., all examples want
me to put the keyfile on /boot and then provide it as an argument like:
geli_<device>_keyfile0_name="/boot/encrypted.key"
This is something I don't want to do; instead I'd prefer to put the
keyfile data on a single GPT partition of a USB stick of my choice -
I can reach this device whenever I boot up... however it seems I can not
provide a /dev/... device just like this as an argument.
I don't even know if the kernel is able to read raw data from a GPT
partition... but well, why not? It should be possible?
Has anyone a clue how to achieve this or which arguments I need to provide?
Regards,
Georg
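As an added illustration (not part of Georg's post and not an answer to his USB-partition question), the script below shows the keyfile-on-/boot arrangement the post refers to, spelled out as the three loader.conf(5) variables that geli(8) documents for preloading a keyfile, plus a small keyfile generator that refuses to overwrite an existing key and checks the size it produced. Device names (ada1, ada2) and the /boot/keys path are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not from the original mailing-list post.
# Builds the loader.conf entries that make the FreeBSD loader preload a GELI
# keyfile for a device, using the variable set documented in geli(8).
# Device names and paths are assumptions for illustration only.

# geli_loader_conf DEVICE KEYFILE [INDEX]
# Prints the three lines geli(8) documents for keyfile INDEX (default 0)
# of DEVICE: load the file, tag its type so the kernel hands it to the right
# provider, and name its path (the _name variable is the one the post shows).
geli_loader_conf() {
    dev=$1
    keyfile=$2
    idx=${3:-0}
    printf 'geli_%s_keyfile%s_load="YES"\n' "$dev" "$idx"
    printf 'geli_%s_keyfile%s_type="%s:geli_keyfile%s"\n' "$dev" "$idx" "$dev" "$idx"
    printf 'geli_%s_keyfile%s_name="%s"\n' "$dev" "$idx" "$keyfile"
}

# make_keyfile PATH
# Creates a 64-byte random keyfile readable only by its owner, refusing to
# overwrite an existing file. Returns 0 on success, 1 otherwise.
make_keyfile() {
    path=$1
    if [ -e "$path" ]; then
        echo "refusing to overwrite existing keyfile $path" >&2
        return 1
    fi
    umask 077
    dd if=/dev/random of="$path" bs=64 count=1 2>/dev/null || return 1
    chmod 0400 "$path" || return 1
    # sanity check: the key must be exactly 64 bytes
    [ "$(wc -c < "$path" | tr -d ' ')" -eq 64 ]
}

# Assumed pool members and key location; only runs when explicitly requested
# so sourcing the file for its functions has no side effects.
if [ "${GELI_DEMO_RUN:-0}" = 1 ]; then
    for d in ada1 ada2; do
        make_keyfile "/boot/keys/$d.key" || exit 1
        geli_loader_conf "$d" "/boot/keys/$d.key" >> /boot/loader.conf
    done
fi
```

The generated keyfile is what `geli init -K /boot/keys/ada1.key ... /dev/ada1` would consume; the three loader.conf lines per device are what lets the kernel find that key at boot without it living on the encrypted pool itself.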