Bug 263171

Summary: add loader(8) and boot loader menu support for boot with OpenZFS-encrypted ROOT
Product: Base System Reporter: Graham Perrin <grahamperrin>
Component: kernAssignee: freebsd-bugs (Nobody) <bugs>
Status: Open ---    
Severity: Affects Only Me CC: alex-freebsd-bugs, brandon.freebsd, bsduck, cgqix35t4, colin, freebsd, imp, mmpestorich, orangewinds, pi
Priority: --- Keywords: feature, loader, needs-patch, needs-qa
Version: CURRENT   
Hardware: Any   
OS: Any   
URL: https://github.com/freebsd/freebsd-src/tree/main/stand
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263234
Attachments:
Description Flags
Screenshot: FreeBSD boot loader menu none

Description Graham Perrin freebsd_committer freebsd_triage 2022-04-09 06:51:46 UTC 
Created attachment 233089 [details]
Screenshot: FreeBSD boot loader menu

<https://www.freebsd.org/cgi/man.cgi?query=loader&sektion=8&manpath=FreeBSD>
Comment 1 Warner Losh freebsd_committer freebsd_triage 2024-01-17 23:49:38 UTC 
Is there a patch?
Comment 2 Paul Ivanov 2024-02-13 23:50:04 UTC 
A workaround for anyone else wanting to have an OpenZFS encrypted root, here are my notes from setting that up:

https://forums.freebsd.org/threads/the-quest-for-unencrypted-boot-and-zfs-native-encrypted.91940/#post-640041

It involves having a unencrypted /boot partition that doubles as / on initial boot into single user mode, then loads the zfs keys, mounts the encrypted / and re-roots to it (via `reboot -r`).