WARNING: This post has been marked as obsolete and may be incorrect. It is kept for archival purposes only.
This will enable you to use a memory-based one-time encryption key for your swap space.
First, enable the geom_eli kernel module by adding the following line to your /boot/loader.conf file:
geom_eli_load="YES"
Now, to enable the encrypted swap space, edit your /etc/rc.conf file, and add:
geli_swap_flags="-e AES -l 128 -s 4096 -d"
And finally, add .eli to the device name in your /etc/fstab file for the line marked "swap". For example:
# Device            Mountpoint  FStype  Options  Dump  Pass#
/dev/da0s1b.eli     none        swap    sw       0     0
Next time you reboot, your swap space will be encrypted with AES 128-bit encryption using a one-time key stored in memory.
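Before rebooting, the three edits above can be checked with a short script. This is an added example, not part of the original post; the function names are hypothetical and the sample files it builds are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit the three files the article edits.
# File paths are parameters so the check can run against copies.

# Print every active swap device in an fstab that lacks the .eli suffix.
# awk strips leading blanks, so commented lines have a $1 starting with '#'.
unencrypted_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" && $1 !~ /\.eli$/ { print $1 }' "$1"
}

# Succeed if FILE has an uncommented line starting with the regex PATTERN.
has_setting() {
    grep -Eq "^[[:space:]]*$2" "$1"
}

# audit_swap LOADER_CONF RC_CONF FSTAB
# Prints one line per finding; returns 0 only when all three checks pass.
audit_swap() {
    audit_rc=0
    has_setting "$1" 'geom_eli_load="?YES"?' ||
        { echo "MISSING: geom_eli_load=\"YES\" in $1"; audit_rc=1; }
    has_setting "$2" 'geli_swap_flags=' ||
        { echo "MISSING: geli_swap_flags in $2"; audit_rc=1; }
    for dev in $(unencrypted_swap "$3"); do
        echo "PLAINTEXT: swap device $dev in $3 has no .eli suffix"
        audit_rc=1
    done
    return $audit_rc
}

# Constructed sample: loader.conf and rc.conf as in the article,
# but an fstab where the .eli suffix was forgotten.
demo=$(mktemp -d)
printf 'geom_eli_load="YES"\n' > "$demo/loader.conf"
printf 'geli_swap_flags="-e AES -l 128 -s 4096 -d"\n' > "$demo/rc.conf"
printf '/dev/da0s1b none swap sw 0 0\n' > "$demo/fstab"
audit_swap "$demo/loader.conf" "$demo/rc.conf" "$demo/fstab" ||
    echo "audit found problems"
rm -rf "$demo"

# On the real host:
#   audit_swap /boot/loader.conf /etc/rc.conf /etc/fstab
```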