- -b switch enables the boot flag for geli. This means I can apply my passphrase all at once during XigmaNAS boot up. I just need to be KVM'd into the XigmaNAS box itself.
- -s 4096 switch enables the ada#.eli (the HDD the system sees and is encrypted [Providers], not the lower, basic HDD level which is not encrypted and is accessible by anyone on any HDD [Consumers]) to have a sector size of 4096. Otherwise it defaults to 512 bytes which is said to be less efficient.
- -l 256 switch sets the default encryption (AES-XTS) to a key size of 256 bytes instead of the default of 128 bytes. More is always better.
- -J - switch enables a passphrase to be entered as standard input. In other words as soon as the "geli init" command is entered at a command line interface (CLI, like in PuTTY), it waits for a passphrase to be entered as well.
```
Geom name: ada3.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Crypto: hardware
Version: 7
UsedKey: 0
Flags: BOOT
KeysAllocated: 466
KeysTotal: 466
Providers:
1. Name: ada3.eli
   Mediasize: 2000398929920 (1.8T)
   Sectorsize: 4096
   Mode: r0w0e0
Consumers:
1. Name: ada3
   Mediasize: 2000398934016 (1.8T)
   Sectorsize: 512
   Stripesize: 4096
   Stripeoffset: 0
   Mode: r1w1e1
```
- In the Encryption page, I wish the type of encryption column had more detail. For example AES is all that is listed but it could be AES-XTS or AES-CBC.
- Add a flag during the encryption creation process (started on the Encryption webpage by hitting the big "+" sign and there being an unattached HDD in your system that's available) to enable setting the boot flag on the encrypted HDD. I DO realize this switch can be set at any time with the "geli configure" command at the CLI, even at the Execute Command webpage.
- Add the option to set the sector size of the ada#.eli (the encrypted HDD) also during the encryption creation process. This switch CANNOT be set by the "geli configure" command; it appears it's done only when the encrypted HDD is created and initialized by "geli init".
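
The settings discussed above can be checked after the fact from `geli list` output. The following is an added example, not part of the original post: `check_geli` is a hypothetical helper name, and the embedded sample is abridged from the listing in the post.

```shell
# Added example: audit `geli list` output against the settings discussed in the post.
# check_geli is a hypothetical helper; SAMPLE is abridged from the listing in the post.
SAMPLE='Geom name: ada3.eli
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Flags: BOOT
Providers:
1. Name: ada3.eli
   Sectorsize: 4096
Consumers:
1. Name: ada3
   Sectorsize: 512'

# Usage: geli list | check_geli WANT_KEYLEN WANT_SECTORSIZE
# Prints one verdict per geom; exit status is non-zero if any geom deviates.
check_geli() {
    awk -v klen="$1" -v ssize="$2" '
        function report(   i, n, f, boot, bad) {
            if (geom == "") return
            n = split(flags, f, /, */)          # flags look like "BOOT, GELIBOOT"
            for (i = 1; i <= n; i++) if (f[i] == "BOOT") boot = 1
            if (alg != "AES-XTS") bad = bad " alg=" alg
            if (key != klen)      bad = bad " keylen=" key
            if (sec != ssize)     bad = bad " sectorsize=" sec
            if (!boot)            bad = bad " no-BOOT-flag"
            if (bad != "") { print geom ": FAIL" bad; rc = 1 }
            else print geom ": OK"
        }
        /^Geom name:/           { report(); geom = $3; alg = key = sec = flags = part = "" }
        /^EncryptionAlgorithm:/ { alg = $2 }
        /^KeyLength:/           { key = $2 }
        /^Flags:/               { flags = $0; sub(/^Flags: */, "", flags) }
        /^Providers:/           { part = "prov" }
        /^Consumers:/           { part = "cons" }
        # Only the provider (.eli) sector size reflects -s; the consumer is the raw disk.
        $1 == "Sectorsize:" && part == "prov" { sec = $2 }
        END { report(); exit rc + 0 }
    '
}

printf '%s\n' "$SAMPLE" | check_geli 256 4096    # sample run on the embedded listing
```

On a live system the input would come from `geli list` itself; the consumer's 512-byte sector size is ignored on purpose, since only the provider reflects the `-s` setting.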