How to encrypt a FreeBSD system with Geli?

By admin, 12 March, 2022

To encrypt a FreeBSD system using Geli (FreeBSD's disk encryption mechanism), follow these steps:

Prepare the FreeBSD Installation:

Start by booting into the FreeBSD installation media.
Proceed through the installation process until you reach the disk partitioning step.

Partition Your Disk:

Select the disk you want to install FreeBSD on.
Create partitions as needed. Typically, you'll want a separate partition for /boot and the rest for the root filesystem.

Encrypt the Partitions:

For each partition you want to encrypt, run the geli init command. For example, to encrypt /dev/ada0p2 (replace ada0p2 with the appropriate partition identifier):

geli init /dev/ada0p2

You'll be prompted to set a passphrase for each encrypted partition.

Attach the Encrypted Partitions:

After initializing the encrypted partitions, you need to attach them. Use the geli attach command:

geli attach /dev/ada0p2

You'll be prompted to enter the passphrase you set during initialization.

Mount the Encrypted Partitions:

Mount the encrypted partitions to appropriate mount points (e.g., /mnt for the root filesystem):

mount /dev/ada0p2.eli /mnt

Install FreeBSD:

Proceed with the installation process. When prompted for the installation destination, choose the mounted encrypted partition(s).

Configure Bootloader:

Configure the bootloader to load the kernel and initramfs (if used) from the unencrypted /boot partition.


Once the installation is complete, reboot the system.
During boot, you'll be prompted to enter the passphrase to unlock the encrypted partitions.

Remember to keep your encryption passphrases secure and backed up. Losing them can result in data loss. Additionally, ensure you have a solid backup strategy in place, as data recovery from encrypted partitions can be challenging if you lose access to the passphrase.
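
The steps above collected into one script for the installer shell, as an added example that is not part of the original post. It goes beyond the text by passing explicit geli init options, creating a UFS filesystem with newfs before mounting, and printing the loader.conf lines for the unencrypted /boot partition. The partition name, the metadata backup path, the choice of UFS and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed: partition ada0p2,
# UFS root, metadata backup under /tmp. DRY_RUN=1 (default) only prints
# the commands; set DRY_RUN=0 in the installer shell to execute them.
PART="${PART:-ada0p2}"
BACKUP="${BACKUP:-/tmp/${PART}.eli.backup}"
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Accept only a plain device name: no path separators, no spaces,
# and not an already attached .eli provider.
valid_part() {
    case "$1" in
        ""|*[!A-Za-z0-9_.]*|*.eli) return 1 ;;
        *) return 0 ;;
    esac
}

encrypt_root() {
    part="$1"; mnt="${2:-/mnt}"
    valid_part "$part" || { echo "bad partition name: $part" >&2; return 1; }
    # -b: ask for the passphrase at boot; -e/-l: AES-XTS with a 256-bit key;
    # -s 4096: 4 KiB sectors; -B: file that receives the metadata backup.
    run geli init -b -e AES-XTS -l 256 -s 4096 -B "$BACKUP" "/dev/$part" || return 1
    run geli attach "/dev/$part" || return 1
    # The new .eli provider is empty, so it needs a filesystem before mount.
    run newfs -U "/dev/$part.eli" || return 1
    run mount "/dev/$part.eli" "$mnt" || return 1
}

# Lines for /boot/loader.conf on the unencrypted /boot partition:
# load the GELI module early and point the kernel at the .eli root.
loader_conf() {
    printf 'geom_eli_load="YES"\n'
    printf 'vfs.root.mountfrom="ufs:/dev/%s.eli"\n' "$1"
}

encrypt_root "$PART" && loader_conf "$PART"
```

Copy the metadata backup file off the installer's memory disk before rebooting; it is what allows the GELI header to be restored if the on-disk copy is damaged.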
