On Sun, 2019-02-10 at 11:37 -0600, Karl Denninger wrote: > On 2/10/2019 09:28, Allan Jude wrote: > > Are you sure it is non-UEFI? As the instructions you followed, > > overwriting da0p1 with gptzfsboot, will make quite a mess if that > > happens to be the EFI system partition, rather than the freebsd- > > boot > > partition. > > [...] > > BTW am I correct that gptzfsboot did *not* get the ability to read > geli-encrypted pools in 12.0? The UEFI loader does know how (which I'm > using on my laptop) but I was under the impression that for non-UEFI > systems you still needed the unencrypted boot partition from which to > load the kernel. >
Nope, that's not correct. GELI support was added to the boot and loader programs for both ufs and zfs in freebsd 12. You must set the geli '-g' option to be prompted for the passphrase while booting (this is separate from the '-b' flag that enables mounting the encrypted partition as the rootfs). You can use "geli configure -g" to turn on the flag on any existing geli partition. -- Ian _______________________________________________ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
