Encrypted swap space

This will enable you to use a memory-based one-time encryption key for your swap space.

First, enable the geom_eli kernel module so it is loaded at boot. To do this, add the following line to your /boot/loader.conf file:

geom_eli_load="YES"

Now, to enable the encrypted swap space, edit your /etc/rc.conf file, and add:

geli_swap_flags="-e AES -l 128 -s 4096 -d"

And finally, append .eli to the device name on the line whose FStype is “swap” in your /etc/fstab file. For example:

# Device                Mountpoint      FStype  Options         Dump    Pass#
/dev/da0s1b.eli         none            swap    sw              0       0

Next time you reboot, your swap space will be encrypted with AES 128-bit encryption using a one-time key stored in memory.
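The three edits above, applied idempotently and then verified, as an added example that is not part of the original post. It runs against constructed copies of loader.conf, rc.conf and fstab in a temporary directory; CONF_DIR, the helper names and the sample devices are assumptions, not anything from a real host.

```shell
#!/bin/sh
# Added example: configure geli-encrypted swap on copies of the three files.
# CONF_DIR points at a temp dir holding constructed samples (assumption).

# Append key="value" to a conf file unless the key is already set there.
ensure_setting() {   # $1 = file, $2 = key, $3 = value
    grep -q "^${2}=" "$1" 2>/dev/null || printf '%s="%s"\n' "$2" "$3" >> "$1"
}

# Print fstab with ".eli" appended to each /dev swap device that lacks it;
# column alignment, comments and non-swap lines are left untouched.
eli_swap_fstab() {   # $1 = fstab path
    awk '$1 !~ /^#/ && $3 == "swap" && $1 ~ /^\/dev\// && $1 !~ /\.eli$/ {
             $0 = $1 ".eli" substr($0, length($1) + 1)
         }
         { print }' "$1"
}

# Succeed only when the module load, the geli flags and every swap device
# (now ending in .eli) are all in place.
swap_encryption_configured() {   # $1 = loader.conf, $2 = rc.conf, $3 = fstab
    grep -q '^geom_eli_load="YES"' "$1" &&
    grep -q '^geli_swap_flags=' "$2" &&
    awk 'BEGIN { bad = 0 }
         $1 !~ /^#/ && $3 == "swap" && $1 !~ /\.eli$/ { bad = 1 }
         END { exit bad }' "$3"
}

# --- constructed sample files (not a real host) ---
CONF_DIR=$(mktemp -d)
printf 'kern.vty=vt\n' > "$CONF_DIR/loader.conf"
printf 'hostname="example"\n' > "$CONF_DIR/rc.conf"
cat > "$CONF_DIR/fstab" <<'EOF'
# Device                Mountpoint      FStype  Options         Dump    Pass#
/dev/da0s1a             /               ufs     rw              1       1
/dev/da0s1b             none            swap    sw              0       0
EOF

ensure_setting "$CONF_DIR/loader.conf" geom_eli_load YES
ensure_setting "$CONF_DIR/rc.conf" geli_swap_flags "-e AES -l 128 -s 4096 -d"
eli_swap_fstab "$CONF_DIR/fstab" > "$CONF_DIR/fstab.new" &&
    mv "$CONF_DIR/fstab.new" "$CONF_DIR/fstab"

swap_encryption_configured "$CONF_DIR/loader.conf" "$CONF_DIR/rc.conf" \
    "$CONF_DIR/fstab" && echo "encrypted swap configured in $CONF_DIR"
```

The check function is the useful part to keep: run it against the real /boot/loader.conf, /etc/rc.conf and /etc/fstab before rebooting to confirm nothing was missed.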
