chuggs
Forgive me if I missed something here. I have read through the documentation at the following:
https://doc.freenas.org/11/storage.html#replacing-an-encrypted-drive
https://forums.freenas.org/index.php?threads/recover-encryption-key.16593/#post-85497
The documentation states that after resilvering is complete, the pool must be re-keyed "before the next reboot, [or] access to the pool might be permanently lost." I am a little unclear here, as "might" is a strange word for a warning like this.
- Why does it need to be re-keyed? I am not super familiar with geli, but from what I have read it appears to use envelope encryption, with a generated key encrypted with the user's key and stored in the drive metadata. When the new disk is resilvered, my assumption would be that FreeNAS would use the existing pool's key to encrypt the new disk's key.
- What happens if a reboot occurs before re-keying? Why is there uncertainty in this scenario?
- Given that large disks can take hours to resilver, this seems...risky. Am I misunderstanding something here, or do operators just sit at their machine for the duration of the resilver while praying for no power failures?