User Vesterman shows us how to get full disk encryption setup on FreeBSD, along with using an external boot drive. Be warned that your data on any existing disks will be wiped, be sure to back up properly. Follow the link below for the full instructions.


January, 2015. For about a decade now, I’ve been using full disk encryption on FreeBSD. Many articles I’ve seen on the web giving directions on how to accomplish this are not really “full disk”; they leave some of your hard drive unencrypted because the boot code itself needs to be unencrypted. I, on the other hand, am unreasonably paranoid, and so have long had my boot code on an external thumb drive so that my entire hard drive is encrypted. After booting, the thumb drive can be removed and physically kept with you or in a trusted place.

In the past, whenever I set up a new computer, I’ve used the instructions in the paper Complete Hard Disk Encryption Using FreeBSD’s GEOM Framework by Marc Schiesser to accomplish this. This worked well for me for many years, but unfortunately, it now seems to be obsolete with respect to newer versions of FreeBSD (at least as of FreeBSD 10.1; perhaps earlier versions too).

Full tutorial:

Related posts:

Setting up a FreeBSD/OpenBSD dual-boot with full disk encryption

FreeBSD 10.2 on GELI Encryption – OS Independent Booting