Ya, this doesn't work any more.
The FreeBSD GPT bootloader can now quite easily boot off GELI-encrypted ZFS pools. These instructions are quite terse.
Install using the latest 11-Current ISO. When choosing the disk layout, choose auto root on ZFS with encryption.
Remove all GELI_* entries and change geom_eli_passphrase_prompt="YES" to geom_eli_passphrase_prompt="NO" in loader.conf
- Grab the latest sources.
- Recompile and install the latest 11-Current, with boot-parts.
- Copy /boot from bootpool to zroot and destroy the bootpool; we'll be booting from the encrypted zroot from now on.
- Install the latest gptzfsboot and remove the key-encryption on the zroot partition.
- Finally, destroy the partition holding the old boot environment.
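```sh
# Grab the latest sources
svn checkout https://svn.freebsd.org/base/head/ /usr/src/
cd /usr/src

# Build and install world, kernel and the boot parts
make -j 4 buildworld
make -j 4 buildkernel KERNCONF=GENERIC-NODEBUG
make installkernel KERNCONF=GENERIC-NODEBUG
make -C sys/boot install
make installworld

# Install the latest gptzfsboot and remove the key-encryption on the zroot partition
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada0
geli setkey /dev/ada0p4

# Move /boot from bootpool onto zroot
rm /boot
# No trailing slash on the source: FreeBSD cp would otherwise copy the
# contents of boot/ into / instead of creating /boot
cp -r /bootpool/boot /
zpool destroy bootpool

gpart delete -i 2 ada0 # Remove zfs-boot partition
reboot
```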
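The loader.conf edit described before the step list is the part done by hand, and a leftover keyfile entry or a prompt still set to "YES" is easy to miss. The following is an added example, not part of the original post: the function names are made up here, GELI_* is matched case-insensitively as an assumption, and the sample loader.conf is constructed.

```shell
# Constructed sample of a loader.conf as it might look after the installer ran.
sample_loader_conf() {
    cat <<'EOF'
geom_eli_load="YES"
geom_eli_passphrase_prompt="YES"
geli_ada0p4_keyfile0_load="YES"
geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0"
geli_ada0p4_keyfile0_name="/boot/encryption.key"
zfs_load="YES"
EOF
}

# Reads loader.conf text on stdin and writes the edited text on stdout.
# Nothing is changed in place, so the result can be diffed before use, e.g.
#   clean_loader_conf < /boot/loader.conf > /tmp/loader.conf.new
clean_loader_conf() {
    awk '
        # Drop GELI_* / geli_* entries; geom_eli_* lines do not match and stay.
        tolower($0) ~ /^[ \t]*geli_/ { next }
        # Switch the passphrase prompt setting to "NO".
        /^[ \t]*geom_eli_passphrase_prompt=/ {
            print "geom_eli_passphrase_prompt=\"NO\""
            next
        }
        { print }
    '
}

# Exit status 0 only if no geli_* entry is left and the prompt is set to "NO".
check_loader_conf() {
    awk '
        tolower($0) ~ /^[ \t]*geli_/                  { bad = 1 }
        /^[ \t]*geom_eli_passphrase_prompt="YES"/     { bad = 1 }
        /^[ \t]*geom_eli_passphrase_prompt="NO"/      { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# Demo on the constructed sample: print the cleaned file, then verify it.
sample_loader_conf | clean_loader_conf
sample_loader_conf | clean_loader_conf | check_loader_conf && echo "loader.conf OK"
```

Running `check_loader_conf < /boot/loader.conf` before destroying bootpool gives a quick pass/fail on the edited file.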
Good luck and have fun!
I tested on a VirtualBox.
Credit goes to Allan Jude and his persistence in implementing the bootcode.
Allan Jude - AsiaBSDCon2016_geliboot.pdf