We've had many users ask us about support for doing BEs on systems using GELI full-disk encryption. The issue I currently see with this is that "beadm" doesn't have a way to create / destroy snapshots on a separate boot-pool, if you have your kernel and such not on pool/ROOT/be.
Is this something that is technically feasible? Could we hack in support for setting a BOOTPOOL variable in beadm.conf, and have it just snap / destroy at the same time as the root pool?
I've that problem, using TrueOS.
As you know TrueOS uses GRUB2 in order to get BE support in the boot loader.
As GRUB supports GELI, one could probably shoehorn it to boot with the kernel on the same zpool as the rest.
OTOH I'd really like to see the FreeBSD boot loader support BEs and/with GELI.
As AJ mentioned in the BSDnow podcast, using GRUB2 with GELI works, but only with GELI version 5.
Anyone already patched GRUB to work with GELI version 7?
And it would be nice if one would not have to provide the GELI key twice, not to mention that you can no longer use key-files.
So I'll just wait for you to finish it ;-)
And keep rolling with GELI5.
I'm going to close this, since we did manage to get GELI support with GRUB working for PC-BSD.