Recently, I wanted an encrypted working directory on a running FreeBSD system. The system was running on a plain (unencrypted) ZFS pool and there’s no plan to add disks to it. I needed the working directory only temporarily. I came up with the following options. Use GELI on a ZFS volume (zvol). Use GELI on a memory disk (md). Use PEFS on a directory. I excluded PEFS because I had very little experience.

I had been wanting to migrate a FreeBSD system on a GEOM mirror (gmirror) to a ZFS mirror. After several rehearsals on a VM, I have finally achieved that goal with the following steps. Load ZFS-releated kernel modules and set a tunable to use 4K sector drives. sudo kldload zfs sudo sysctl vfs.zfs.min_auto_ashift=12 Remove one (da0) of the two disks (da0, da1) which make up the gmirror (gm0).