"Upgrade" zpool to encryption from non-encrypted state

Status
Not open for further replies.

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
So I've been doing some homework on the way in which FreeNAS 8.3.1 uses the new disk encryption included with it via GELI. Obviously there are going to be people out there wishing they could upgrade to this new encryption. I'm sure there is a way that you could export a zpool, run some applicable commands on all of your devices, then give FreeNAS the password and key to take a zpool offline, run a series of CLI commands to encrypt all of your devices, then give FreeNAS your key and password to remount your zpool.

Am I completely out to lunch with this possibility? Is there any reason why this isn't possible? Obviously I'm not looking for a solution that would be recommended by the FreeNAS development team, but since I like to tinker with stuff I keep asking myself why it would (or wouldn't) work.

So, anyone out there know anything about how FreeNAS does its encryption? There doesn't seem to be much documentation on how geli is used. But based on what I've seen of the bootup of FreeNAS, I noticed that encrypted drives end up being converted into 2 devices: the standard ada0 and then a new ada0p1.eli. This makes me think that the partition table for the drive isn't encrypted, but the partition itself is.

Anyone able to provide any insight into how this all works? Any developers want to provide some info on how it works?

Obviously, I'm anticipating that people are going to start asking this question soon and I'd like to know why it either isn't possible (besides that it is a risky process) or that it is possible (but also let it be known the process is risky) and know how it works. I'm also taking this as a learning opportunity for me :)

-Cyberjock
 

paleoN

Wizard
Joined
Apr 22, 2012
Messages
1,403
But based on what I've seen of the bootup of FreeNAS, I noticed that encrypted drives end up being converted into 2 devices: the standard ada0 and then a new ada0p1.eli.
No idea, but ada0p1.eli is likely the encrypted swap partition.
 