Category Archives: GELI

Enabling encrypted swap in stable/10

Enabling encrypted swap has changed in FreeBSD stable/10. I was interested in running AES-XTS with a 256 bit random key and a simulated blocksize of 4096 bytes.

I had to change the line in /etc/fstab for the swap partition from

/dev/ada0s4b none swap sw 0 0


/dev/ada0s4b.eli none swap sw,keylen=256,sectorsize=4096 0 0

The kernel could then happily report:

GEOM_ELI: Device ada0s4b.eli created.
GEOM_ELI: Encryption: AES-XTS 256
GEOM_ELI:     Crypto: software