Encrypting the swap

This guide will help you to encrypt the swap partition in FreeBSD. Here's a video where you can watch how to do it. In case you want to do it with no video continue to read.


Enable Geom ELI in /boot/loader.conf

Edit the file /boot/loader.conf if file doesn't excist simply create it and add these two lines and save.

options GEOM_ELI

device crypto

Edit /etc/fstab

To enable swap encryption in FreeBSD is very simple all you have to do is to edit the /etc/fstab file and to add .eli right after the device name for the encryption.

the swap line before edited

/dev/ad0p3

none

swap

sw

0

0

the swap line after edited

/dev/ad0p3.eli

none

swap

sw

0

0

Reboot your machine

Now you have to reboot your machine to enable the settings in /boot/loader.conf, this will enable the GELI encryption support.

reboot is the command to restart FreeBSD.

Thats all

Thats enough for activating the encryption for swap in FreeBSD. FreeBSD will now automatic generate a new passphrase for each reboot to the swap.