Activate SED(Opal) encryption before or after creating pool?

[orjan-]

I'm setting up a samsung 970 evo plus nvme ssd to use SED(Opal) encryption and this drive will be used as a single drive in a data pool.
Should a pool be created before activating SED encryption, or should I first enable SED encryption and then create the pool?

Both ways seems to work if they are done without a reboot in between. However activating SED, reboot, and create pool in that order fails.

Case created:
https://jira.ixsystems.com/browse/NAS-103567

 

[dlavigne]

Which verson of FreeNAS (as in 11.2-U6?)?

 

[orjan-]

Which verson of FreeNAS (as in 11.2-U6?)?

Yes, currently testing on 11.2-U6.

sedutil-cli is not very well documented. I have tried to first create pool and then enable SED, and to enable SED first and then create the pool. In both cases i get a warning at boot that there is a issue with the primary partition table and that it's using the secondary partition table instead. I'm guessing that sedutil-cli creates a shadow partition table as primary partition table. However in the documentation, it only mentions that partition table if the PBA image is loaded, but I dont think thats the case on freenas data pool as it's not a boot drive and PBA is only necessary for unlocking boot drives. I think the MBRDone and MBREnable are only nesscessary if using PBA, but they get enabled by default also when following non-boot drive setup with sedutil-cli and when using sedhelper.

I just want to know if there is a right way or a wrong way. If it messes with alignment or something like that if done in the wrong order.

 

[dlavigne]

Please create a report at bugs.ixsystems.com and post the issue number here. We would like to improve the documentation and also want to verify that it is working correctly.

 

[orjan-]

Please create a report at bugs.ixsystems.com and post the issue number here. We would like to improve the documentation and also want to verify that it is working correctly.

Created case and added link in the first post.