On 17/04/2021 21:06, Alan Somers wrote:
The answer depends on why you want to partition in the first place. What do you intend to store on those disks besides ZFS? If the answer is nothing, then don't bother partitioning; just write ZFS over GELI over the whole disk.
Well, actually thats exactly why I asked the question, because after having done it I thought "why have I bothered partitioning this?" - after all, I would not have done so if they were not encrypted!
I think I got into the habit of always partitioning discs, back when using them raw was called "dangerously dedicated" - but that was, umm, a while ago shall we say ;-) Since ZFS arrived I havent used anything else, and when using ZFS I use the whole drive if I can. So yeah, was kind of looking at my own behaviour and doing a double take here...
(Also, it's worth asking why you want GELI, now that FreeBSD 13 supports ZFS native crypto. ZFS native crypto on RAIDZ has substantially better write performance than RAIDZ on GELI. However, if you're paranoid, then GELI does provide better security; ZFS native crypto is vulnerable to some kinds of watermarking attacks.)
Well, am (this week at least) running FreeBSD 12. Plus I havent native ZFS encryption yet, and theres always a tendency to 'go with what you know well' when setting something up. I just use striping and mirroring, no raidz, but if it will improve the write performance, and if it requires a password during boot like geli does, then I will look into it when I get everything upgraded to 13. Hadnt even considered that, so thanks for the reminder - need to explore all the new stiuff in OpenZFS I guess!
-pete. _______________________________________________ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
