On Sat, Apr 17, 2021 at 1:53 PM Pete French <petefre...@ingresso.co.uk> wrote:
> So, am building a zpool on some encrypted discs - and what I have done
> is to partition the disc with GPT add a single big partition, and
> encrypt that. So the pool is on nda1p1.eli.
>
> But I could, of course, encrypt the disc first, and then partition the
> encrypted disc, or indeed just put the zpool directly onto it.
>
> Just wondering what the general consensus is as to the best way to go
> here ... if there is one! :-) What do other people do?
>
> -pete.
>

The answer depends on why you want to partition in the first place.
What do you intend to store on those disks besides ZFS? If the answer
is nothing, then don't bother partitioning; just write ZFS over GELI
over the whole disk.

(Also, it's worth asking why you want GELI, now that FreeBSD 13
supports ZFS native crypto. ZFS native crypto on RAIDZ has
substantially better write performance than RAIDZ on GELI. However, if
you're paranoid, then GELI does provide better security; ZFS native
crypto is vulnerable to some kinds of watermarking attacks.)
_______________________________________________
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"