# Load GELI encrypted installation with bootloader only



## abishai (Aug 18, 2016)

I've installed FreeBSD 11-RC1 on GELI encrypted ZFS dataset. I've noticed that I have additional pool, containing FreeBSD kernel. Are there any plans to use FreeBSD bootloader to support GELI directly ? The current implementation looks like a hack and have drawbacks when managing multiple BEs.


----------



## ANOKNUSA (Aug 19, 2016)

abishai said:


> Are there any plans to use FreeBSD bootloader to support GELI directly ?



Decryption is being integrated into the UEFI loader. It isn't expected until at least 11.1-RELEASE, though it's available for testing now and I would expect it to show up in 10-STABLE and 11-STABLE a short while before it appears on a -RELEASE.



abishai said:


> The current implementation looks like a hack and have drawbacks when managing multiple BEs.



I wouldn't call it a "hack," since it's how it's done on other operating systems as a matter of technical necessity. You can still use boot environments, you just won't have a wrapper or a boot menu for them.


----------



## abishai (Aug 19, 2016)

Nice, I hope it would be possible to convert existing installation to full disk geli encryption later. I'll go encrypted /home for now.


----------

