Based on the reading I’ve done, you cannot encrypt the boot volume, which stores the encryption keys for the data drives. Is that still the case? What options are there to protect against physical theft?
Hi and welcome to the forums.
You can use passphrase encryption instead of keys if you wish.
Hi, thanks for the reply.
When using a passphrase:
- Does it prompt to unlock any data (boot, data, otherwise) during power on?
- Does the passphrase protect the boot volume, plus any partition that stores sensitive data?
Passphrase encryption can happen at the dataset level of your data pool, not the boot pool.
Once booted, the dataset remains locked until you enter the correct passphrase.