1

I want to create an encrypted virtual disk but I am struggling with understanding some basic concepts. Please correct me if any of these statements are wrong:

  1. I need a block device that geli can encrypt and mount in the system
  2. Once the device is mounted I can format it and create a filesystem on it
  3. The block device can be provided either with mdconfig or as ZFS volume

And now some questions:

a. What would be the difference between creating a file-based store for use with mdconfig and a native ZFS volume, assuming the system is already installed on ZFS?

b. Is it possible to create an encrypted virtual disk that will grow with the data copied to the disk e.g. ZFS allows to create a sparse volume - is it a good option, any alternatives?

Greg
  • 198
  • 10

1 Answers1

1

Your assumptions are correct.

The difference between using a ZVOL and file-backed md(4), from the user point of view, is not that big. Mostly that ZVOL will always be there, and the md disks need to be reattached after reboot.

As for growing - both ZVOL and file-backed md disks "grow" automatically, ie are sparse. The geli manual recommends overwriting the whole device upfront, though.

Edward Tomasz Napierala
  • 206
  • 1
  • 4