Question - boot password? volume mount password?

[Bryan Everly]

Hi everyone,

Loving my new life on FreeNAS by the way. Awesome product and I appreciate all of the hard work that has obviously gone into both it and the underlying opensource projects upon which it is based!

Anyhow, my question - I'd like to have some sort of password required after a reboot. Not a BIOS password (which is easily bypassed) but something along the lines of a LUKS or OpenBSD softraid encryption password so that, unless it is entered, the data stored at rest on the drives is useless to a bad actor who has physical access to the hardware.

I am encrypting my ZFS volumes so I'm good there, it's just that those get automounted after a boot so a scenario where someone gains physical access to the box and literally carries it away, plugs it in, boots up and voila - they have access to the data. I'd prefer the volume to not be mounted or decrypted until a password is physically entered on the console or via SSH.

Is that possible?

Thanks!

 

[SweetAndLow]

Huh? What you want is exactly what freenas does. You need to set a password.

Make sure you know what you are doing with encryption or you will probably lock yourself out of the pool.

Sent from my Nexus 5X using Tapatalk

 

[dcevansiii]

I'm going to second what SweetAndLow said regarding encryption.

It might be better to just have a zfs file system for data consistency etc. Just encrypt the things you want, on top of zfs.

You might want to search the boards and see what people have come up with as alternatives. Also the encryption isn't zfs native I believe yet.

Just don't get burned.