This is the procedure to prepare and configure external USB SSD storage for secure backup or storage with GELI encryption and ZFS on FreeBSD.

GELI, also known as GEOM ELI, is a built-in block-level disk encryption framework in FreeBSD. GELI provides encryption and integrity for data on storage devices, such as solid-state disks (SSDs), hard disk drives (HDDs), virtual disk drives, partitions and files.

How does GELI work?

When GELI encryption is applied to a file system for the first time, also known as initialized, the file system will be encrypted with a random master key. The master key is stored in the metadata of the GELI file system and it will remain unchanged. Instead, a user key will be used to decrypt the file system. The user key have an optional passphrase and an optional key file as its components. The user key can be changed and replaced as often as you want. I fact, up to 2 different user keys can be installed in slots. The GELI metadata, that contains the master key and the currently installed user keys, can be exported to a backup file and restored at a later time.

Identify the SSD device.

Attach the external storage and identify the device.

# dmesg
da0 at umass-sim0 bus 0 scbus7 target 0 lun 0
da0: <Seagate Performance 1337> Fixed Direct Access SPC-4 SCSI device
da0: Serial Number 1337XSCZ
da0: 400.000MB/s transfers
da0: 1907729MB (3907029167 512 byte sectors)
da0: quirks=0x2<NO_6_BYTE>

Create a key file for the user key.

In this example, I want a user key, that has both the passphrase and key file components. The key file can be created with the built-in FreeBSD utility dd. The size is not directly related to the data key length for the final encryption algorithm.

# dd if=/dev/random of=foobar.key bs=256 count=1
1+0 records in
1+0 records out
256 bytes transferred in 0.000037 secs (9560043 bytes/sec)

It is critical, that the encryption key foobar.key is stored in a safe place. I recommend, that it is named by the same name, that identifies the SSD. If the key is lost, then the encrypted data can not be decrypted.

Initialize GELI encryption.

The GELI encryption framework can now be initialized with the key file as an argument to the GELI utility. The GELI utility also creates the user key, that will consist of a passphrase and the key file foobar.key from before.

The sector size is set to 4096 bytes for better alignment with SSDs. The default encryption algorithm is AES-XTS. The data key length for the encryption algorithm is 256 bit. A backup of the metadata is written to the file foobar.eli. The utility will ask for a passphrase to be used as the passphrase component of the user key.

# geli init -s 4096 -K foobar.key -e aes-xts -l 256 -B foobar.eli /dev/da0
Enter new passphrase: 
Reenter new passphrase: 
Metadata backup for provider /dev/da0 can be found in foobar.eli
and can be restored with the following command:
  # geli restore foobar.eli /dev/da0

The passphrase should be stored in a password manager or memorized. The passphrase and the encryption key are both components, that are necessary to have. If one of these components is lost, then the encrypted data can not be decrypted.

The metadata backup file foobar.eli should be stored in the same safe place as the key and can be used to restore the metadata of the SSD in the event of accidental overwrite, corruption, sector reallocation or drive failure. The metadata contain the master key and the user keys.

If changes are made to the user keys, such as passphrase or key file, a new backup of the metadata should be made.

Attach the GELI provider.

When the USB storage device has been connected, and FreeBSD has identified it, then the GELI utility can be used to decrypt the file system. This is known as attaching. In this example, the GELI provider is attached by supplying the passphrase and key file. The result is an accessible block device to the decrypted file system. The file system can now be formatted and used as normal.

# geli attach -k foobar.key /dev/da0
Enter passphrase:

Optionally partition the SSD.

The SSD storage device can be partioned with the built-in utility gpart and its ZFS partition type for FreeBSD. This can make the file system more compatible across systems. It is, however, not necessary. If the drive will only ever be used for ZFS, then partitioning is unnecessary. ZFS is designed to work seamlessly with whole disks. When given a whole disk, it uses it directly and optimizes the placement of metadata, labels and data alignment. ZFS can claim the entire drive, which will reduce the potential for error.

# gpart create -s gpt /dev/da0
# gpart add -t freebsd-zfs -l foobar /dev/da0

Create a ZFS pool.

In this example, ZFS will be used as the file system on the external storage device. Create a ZFS pool on the encrypted device. Optimize the pool for 4096 byte sectors, which is common for SSDs, as this setting aligns ZFS blocks with SSD sectors.

# zpool create -o ashift=12 zfoo /dev/da0.eli

If the device will be used for backup, you might want to enable LZ4 compression and disable access time updates for increased performance.

# zfs set compression=lz4 zfoo
# zfs set atime=off zfoo

Create ZFS datasets.

Create ZFS datasets in the pool as needed.

# zfs create zfoo/backup
# zfs create zfoo/backup/foo
# zfs create zfoo/backup/bar

Set the ZFS mountpoint.

Set the ZFS mountpoint.

# zfs set mountpoint=/mnt/zfoo zfoo

Export ZFS pool.

When the USB SSD is no longer to be used, then it can be prepared for disconnection by exporting the ZFS pool.

# zpool export -f zfoo

Detach GELI provider.

The external USB SSD can now be physically disconnected from the USB port and stored in a safe place.

# geli detach da0

Attach GELI provider.

When the USB SSD is to be used again, it is connected via USB and the GELI provider is attached by supplying the encryption key component and the password component. The provider can also be attached to another computer, if needed.

# geli attach -k foobar.key da0
Enter passphrase:

Import ZFS pool.

When the GELI provider has been attached, the ZFS pool can then be imported.

# zpool import zfoo

The external USB SSD is now mounted and is ready to be used.

Change passphrase and key file for GELI user key.

If you want to change the passphrase or the key file for the current GELI user key, you can do so with the GELI utility. The GELI framework support up to 2 different user keys. Each user key can have an optional passphrase, an optional key file or both. The user keys, and how they are set and deleted, is described in the setkey and delkey sections in the manual for GELI.

In the following example, a backup of the metadata is made, before a new passphrase and a new keyfile is set for the user key in slot 0 in the currently attached GELI provider. The passphrase is read from a text file. The key file is read from a new key file.

# geli backup da0 foobar.eli
# geli attach -k foobar.key da0
# nano foobar.txt
# dd if=/dev/random of=newfoobar.key bs=256 count=1
# geli setkey -J foobar.txt -K foobar.key -n 0 da0
# geli detach da0

The old passphrase and the old key file can no longer be used to attach and decrypt the file system.

# geli attach -k foobar.key da0
Enter passphrase: 
geli: Wrong key for da0.
geli: There was an error with at least one provider.

How to decrypt a GELI encrypted SSD without encryption key and passphrase.

The two component setup significantly enhances security, because an attacker, that has access to the physical SSD, would need both components in order to decrypt and read data on the SSD. If the attacker has access to the physical SSD, but only in possession of one of these components, then the encryption remains effectively unbreakable.

AES-XTS with a 256-bit key is highly secure and used for military and government grade data encryption. Breaking this encryption by brute-forcing it would take an immense amount of computer power and time. More than what is possible with current technology.

In order to decrypt and access data, that is stored on GELI encrypted SSD storage, without the encryption key or passphrase, the attacker would need expert cryptographic skills, extraordinary computer resources and secret intelligence resources, which a three letter national state driven agency might have. Even then, the chance of success would be extremely low and hardly worth the effort.

As an open-source project, GELI is subject to public scrutiny of programmers and cryptographic experts, which ensure, that there are no intentional backdoors nor undiscovered weaknesses. The GELI project does not have its own official website. It is a part of the FreeBSD operating system and is documented in the storage chapter in the FreeBSD Handbook.

References.

Published by Micski

Micski lives in Copenhagen, which is the capitol city of Denmark, where he's a system administrator of information technology and a semi-professional poker player.