# [geli] Does a swap partition inside a partitioned geli device still need onetime?



## fonz (Jan 7, 2013)

As far as I can tell there are two ways of setting up encrypted swap:
Take a plaintext partition (e.g. /dev/ada0p2) and put a geli_swap_flags line in /etc/rc.conf, which causes the creation of a /dev/ada0p2.eli device and an invokation of geli onetime to create a swap partition encrypted with a random one-time key.
Take a partition inside a partitioned geli device, e.g. /dev/ada0s1.elib, and use that.
In the latter case (i.e. using a partition inside a partitioned geli device), does one still need to use geli_swap_flags? My guess is no, because the partition being used for swap is already contained within an encrypted device. But I'd like to make sure so if someone can call "confirmed" or "busted" I'd be much obliged.

Fonz


----------



## bbzz (Jan 7, 2013)

Correct, option B doesn't need one time password. 
http://forums.freebsd.org/showthread.php?t=29652


----------



## fonz (Jan 7, 2013)

Makes perfect sense. Thanks for the confirmation.

Fonz


----------

