PC-BSD is a desktop distribution based on FreeBSD. The latest stable release, PC-BSD 8.2, was made available for public download last month. This article presents a review of this latest release.
Installation: The installer offers several boot methods. The default is to boot directly into the graphical installation program. There is also a Live Mode option. During several test installations I made using the boot-only CD, choosing he Live Mode option still booted into the install mode. And in a few instances when attempting to start installation from a full DVD image in Live Mode, the Install icon failed to start.
SysInstaller, the graphical installation program, still gives you the option to install a fresh system, upgrade an existing installation, or restore an installation from a backup. Plus, you can install a FreeBSD dedicated server, instead of a PC-BSD desktop.
A few new features have been added to the installer since PC-BSD 8.1 (see PC-BSD 8.1 review). It now sports a one-click encryption option, and also a one-click option to enable a ZFS-based installation. You may also use a GPT-based partitioning scheme, rather than the default MBR (partitioning) scheme. Using GPT (GUID Partition Table), you can theoretically create an unlimited number of partitions. Most popular operating systems max-out at 128 partitions.
A fresh installation of PC-BSD 8.2 takes up about 6.5 GB of disk space, which is hefty compared to a GNOME-based desktop, but normal for a KDE-based installation. A fresh installation of a GNOME-based installation typically uses about 3 GB of disk space.
Note: ZFS implementation on PC-BSD (and FreeBSD) is not at the same level as what is available on Oracle Solaris. ZFS Pool Version is at 31 and the ZFS File System Version is at 5. PC-BSD 8.2 ships with ZFS Pool Version 15 and ZFS File System Version 4. That just means that there are some cool features of ZFS that are not yet available on PC-BSD.
Like every other installer with a one-click support for encryption, the installer will prompt for a password/passphrase when the “Encrypt user data” option is selected. As expected, if you click Yes, input fields for the password/passphrase comes up next. The minimum character length for the password/passphrase is six, which I think is too short.
Note that if you click No, that is, if you opt not to specify a passphrase, the installer will still encrypt the disk using a random-generated key. The key is stored under the /boot/keys directory. The problem here is after installation, the system will boot without the encryption key.
If you opt to use the default file system, UFS+S, the installer creates separate partitions for /, swap, /var, and /usr, but only encrypts the /usr partition. Unlike on Linux distributions, where users’ home directories are under /home, users’ home directories on PC-BSD are created under /usr, so encrypting /usr almost has the same effect as Ubuntu and Ubuntu-based distributions encrypting a user’s home directory. In other words, the default configuration of disk encryption on PC-BSD 8.2 is not full disk encryption.
It is not even full disk encryption if you choose to use the ZFS file system. By encrypting the ZPool, the file system directories under the ZPool ( /, /var, and /usr by default) are effectively encrypted. But swap, which is on a separate partition, is not. There is a good reason why swap should be encrypted, that is, if you want to take full advantage of what disk encryption offers. Here is what the FreeBSD Handbook says about encrypting swap:
Like the encryption of disk partitions, encryption of swap space is done to protect sensitive information. Imagine an application that e.g. deals with passwords. As long as these passwords stay in physical memory, all is well. However, if the operating system starts swapping out memory pages to free space for other applications, the passwords may be written to the disk platters unencrypted and easy to retrieve for an adversary. Encrypting swap space can be a solution for this scenario.
If you share my sense of security (or is that paranoia?) and you want to encrypt swap, the FreeBSD Handbook provides tips on how to encrypt swap after installation.
If encryption is selected, the system will give you three tries to input the correct passphrase before the system boots successfully.
On the third unsuccessful attempt, the system will drop you into a shell prompt. This is different from how Fedora and other Linux distributions handle incorrect disk encryption passphrase inputs; you will keep trying until you remember the correct passphrase.