I would like to ask some questions.
1) What is the point of disk encryption without a password? In case the storage server gets stolen as a whole, it just needs to be turned on to reveal all data to the thief. I know that there is an option to add a passphrase to the encryption of a pool. Unfortunately that is impossible for the pool on which the system dataset resides. Normally if you are using FDE on Linux (luks) or FBSD (geli) a password is required at boot time - this is the way it should behave as the data must be encrypted and stay encrypted after shutdown of the system. Why is this not possible on FreeNAS?
2) So my only option would be to create a separate pool for the system dataset (probably the boot device) and set a passphrase for each pool to get at least some kind of security. So I would like to know what kind of data is being stored on the boot device (the system dataset). I read somewhere that such data includes log files and information related to SMB shares - which is ridiculous in terms of security.
Could somebody please shed some light on those issues?