fyboqyovjy
Hello,
I've read the documentation about encrypted pools in FreeNAS. It says:
Encrypted pools that have no passphrase are unlocked at startup. Pools with a passphrase remain locked until a user enters the passphrase to unlock them.
This is my current setup:
I have Proxmox on my server and FreeNAS is a VM on it.
The boot device and also the VM image storage is a mirror with two self-encrypting SSDs.
So if I want to boot the server and run a VM, I already have to type a password to decrypt the boot device.
For FreeNAS I pass through a PCIe HBA. Then I created an encrypted pool on it.
Now I'm not sure if it makes sense to add a passphrase to this encrypted pool, or not?
The pool will unlock automatically if I start the FreeNAS VM.
But to be able to do that, I have to type a password anyway.
What do you think?
Will I gain anything if I add a passphrase to manually unlock the encrypted pools?
Also:
FreeNAS® generates a randomized encryption key whenever a new encrypted pool is created. This key is stored in the system dataset. It is the primary key used to unlock the pool each time the system boots.
In my case the system dataset is the encrypted pool. Where's the logic to store the encryption key on the encrypted pool?
Isn't that ridiculous? Or is there something I didn't understand? Should I use the boot device as system dataset in this case?