1 .\" Copyright (c) 2005-2011 Pawel Jakub Dawidek <pawel@dawidek.net>
2 .\" All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd "control utility for the cryptographic GEOM class"
34 To compile GEOM_ELI into your kernel, add the following lines to your kernel
36 .Bd -ragged -offset indent
38 .Cd "options GEOM_ELI"
41 Alternatively, to load the GEOM_ELI module at boot time, add the following line
44 .Bd -literal -offset indent
56 .Op Fl B Ar backupfile
58 .Op Fl i Ar iterations
59 .Op Fl J Ar newpassfile
60 .Op Fl K Ar newkeyfile
62 .Op Fl s Ar sectorsize
66 .Cm label - an alias for
79 .Cm stop - an alias for
87 .Op Fl s Ar sectorsize
96 .Op Fl i Ar iterations
98 .Op Fl J Ar newpassfile
100 .Op Fl K Ar newkeyfile
159 utility is used to configure encryption on GEOM providers.
161 The following is a list of the most important features:
163 .Bl -bullet -offset indent -compact
167 framework, so when there is crypto hardware available,
169 will make use of it automatically.
171 Supports many cryptographic algorithms (currently
179 Can optionally perform data authentication (integrity verification) utilizing
180 one of the following algorithms:
189 Can create a User Key from up to two, piecewise components: a passphrase
190 entered via prompt or read from one or more passfiles; a keyfile read from
193 Allows encryption of the root partition.
194 The user will be asked for the
195 passphrase before the root file system is mounted.
197 Strengthens the passphrase component of the User Key with:
200 .%T "PKCS #5: Password-Based Cryptography Specification, Version 2.0."
205 Allows the use of two independent User Keys (e.g., a
208 .Qq "company key" ) .
212 performs simple sector-to-sector encryption.
214 Allows the encrypted Master Key to be backed up and restored,
215 so that if a user has to quickly destroy key material,
216 it is possible to get the data back by restoring keys from
219 Providers can be configured to automatically detach on last close
220 (so users do not have to remember to detach providers after unmounting
223 Allows attaching a provider with a random, one-time Master Key -
224 useful for swap partitions and temporary file systems.
226 Allows verification of data integrity (data authentication).
228 Allows suspending and resuming encrypted devices.
231 The first argument to
233 indicates an action to be performed:
234 .Bl -tag -width ".Cm configure"
236 Initialize the provider which needs to be encrypted.
237 Here you can set up the cryptographic algorithm to use, Data Key length,
239 The last sector of the provider is used to store metadata.
242 subcommand also automatically writes metadata backups to
243 .Pa /var/backups/<prov>.eli
245 The metadata can be recovered with the
247 subcommand described below.
249 Additional options include:
250 .Bl -tag -width ".Fl J Ar newpassfile"
252 Enable data integrity verification (authentication) using the given algorithm.
253 This will reduce the size of storage available and also reduce speed.
254 For example, when using 4096 bytes sector and
256 algorithm, 89% of the original provider storage will be available for use.
257 Currently supported algorithms are:
265 If the option is not given, there will be no authentication, only encryption.
266 The recommended algorithm is
269 Ask for the passphrase on boot, before the root partition is mounted.
270 This makes it possible to use an encrypted root partition.
271 One will still need bootable unencrypted storage with a
273 directory, which can be a CD-ROM disc or USB pen-drive, that can be removed
275 .It Fl B Ar backupfile
276 File name to use for metadata backup instead of the default
277 .Pa /var/backups/<prov>.eli .
278 To inhibit backups, you can use
283 Encryption algorithm to use.
284 Currently supported algorithms are:
292 The default and recommended algorithm is
296 .It Fl i Ar iterations
297 Number of iterations to use with PKCS#5v2 when processing User Key
298 passphrase component.
299 If this option is not specified,
301 will find the number of iterations which is equal to 2 seconds of crypto work.
302 If 0 is given, PKCS#5v2 will not be used.
303 PKCS#5v2 processing is performed once, after all parts of the passphrase
304 component have been read.
305 .It Fl J Ar newpassfile
306 Specifies a file which contains the passphrase component of the User Key
310 is given as -, standard input will be used.
311 Only the first line (excluding new-line character) is taken from the given file.
312 This argument can be specified multiple times, which has the effect of
313 reassembling a single passphrase split across multiple files.
314 Cannot be combined with the
317 .It Fl K Ar newkeyfile
318 Specifies a file which contains the keyfile component of the User Key
322 is given as -, standard input will be used.
323 This argument can be specified multiple times, which has the effect of
324 reassembling a single keyfile split across multiple keyfile parts.
326 Data Key length to use with the given cryptographic algorithm.
327 If the length is not specified, the selected algorithm uses its
330 .Bl -ohang -offset indent
334 .It Nm AES-CBC , Nm Camellia-CBC
340 + n * 32, for n=[0..10]
345 Do not use a passphrase as a component of the User Key.
346 Cannot be combined with the
349 .It Fl s Ar sectorsize
350 Change decrypted provider's sector size.
351 Increasing the sector size allows increased performance,
352 because encryption/decryption which requires an initialization vector
353 is done per sector; fewer sectors means less computational work.
355 Metadata version to use.
356 This option is helpful when creating a provider that may be used by older
361 section to find which metadata version is supported by which FreeBSD version.
362 Note that using an older version of metadata may limit the number of
366 Attach the given provider.
367 The encrypted Master Key will be loaded from the metadata and decrypted
368 using the given passphrase/keyfile and a new GEOM provider will be created
369 using the given provider's name with an
373 Additional options include:
374 .Bl -tag -width ".Fl j Ar passfile"
376 If specified, a decrypted provider will be detached automatically on last close.
377 This can help with scarce memory so the user does not have to remember to detach the
378 provider after unmounting the file system.
379 It only works when the provider was opened for writing, so it will not work if
380 the file system on the provider is mounted read-only.
381 Probably a better choice is the
387 Specifies a file which contains the passphrase component of the User Key
389 For more information see the description of the
395 Specifies a file which contains the keyfile component of the User Key
397 For more information see the description of the
403 Do not use a passphrase as a component of the User Key.
404 Cannot be combined with the
408 Attach read-only provider.
409 It will not be opened for writing.
412 Detach the given providers, which means remove the devfs entry
413 and clear the Master Key and Data Keys from memory.
415 Additional options include:
416 .Bl -tag -width ".Fl f"
418 Force detach - detach even if the provider is open.
420 Mark provider to detach on last close.
421 If this option is specified, the provider will not be detached
422 while it is open, but will be automatically detached when it is closed for the
423 last time even if it was only opened for reading.
426 Attach the given providers with a random, one-time (ephemeral) Master Key.
427 The command can be used to encrypt swap partitions or temporary file systems.
429 Additional options include:
430 .Bl -tag -width ".Fl a Ar sectorsize"
432 Enable data integrity verification (authentication).
433 For more information, see the description of the
437 Encryption algorithm to use.
438 For more information, see the description of the
442 Detach on last close.
443 Note: this option is not usable for temporary file systems as the provider will
444 be detached after creating the file system on it.
445 It still can (and should be) used for swap partitions.
446 For more information, see the description of the
450 Data Key length to use with the given cryptographic algorithm.
451 For more information, see the description of the
454 .It Fl s Ar sectorsize
455 Change decrypted provider's sector size.
456 For more information, see the description of the
461 Change configuration of the given providers.
463 Additional options include:
464 .Bl -tag -width ".Fl b"
466 Set the BOOT flag on the given providers.
467 For more information, see the description of the
471 Remove the BOOT flag from the given providers.
474 Install a copy of the Master Key into the selected slot, encrypted with
476 If the selected slot is populated, replace the existing copy.
477 A provider has one Master Key, which can be stored in one or both slots,
478 each encrypted with an independent User Key.
481 subcommand, only key number 0 is initialized.
482 The User Key can be changed at any time: for an attached provider,
483 for a detached provider, or on the backup file.
484 When a provider is attached, the user does not have to provide
485 an existing passphrase/keyfile.
487 Additional options include:
488 .Bl -tag -width ".Fl J Ar newpassfile"
489 .It Fl i Ar iterations
490 Number of iterations to use with PKCS#5v2.
491 If 0 is given, PKCS#5v2 will not be used.
492 To be able to use this option with the
494 subcommand, only one key has to be defined and this key must be changed.
496 Specifies a file which contains the passphrase component of a current User Key
498 .It Fl J Ar newpassfile
499 Specifies a file which contains the passphrase component of the new User Key
502 Specifies a file which contains the keyfile component of a current User Key
504 .It Fl K Ar newkeyfile
505 Specifies a file which contains the keyfile component of the new User Key
508 Specifies the index number of the Master Key copy to change (could be 0 or 1).
509 If the provider is attached and no key number is given, the key
510 used for attaching the provider will be changed.
511 If the provider is detached (or we are operating on a backup file)
512 and no key number is given, the first Master Key copy to be successfully
513 decrypted with the provided User Key passphrase/keyfile will be changed.
515 Do not use a passphrase as a component of the current User Key.
516 Cannot be combined with the
520 Do not use a passphrase as a component of the new User Key.
521 Cannot be combined with the
526 Destroy (overwrite with random data) the selected Master Key copy.
527 If one is destroying keys for an attached provider, the provider
528 will not be detached even if all copies of the Master Key are destroyed.
529 It can even be rescued with the
531 subcommand because the Master Key is still in memory.
533 Additional options include:
534 .Bl -tag -width ".Fl a Ar keyno"
536 Destroy all copies of the Master Key (does not need
540 Force key destruction.
541 This option is needed to destroy the last copy of the Master Key.
543 Specifies the index number of the Master Key copy.
544 If the provider is attached and no key number is given, the key
545 used for attaching the provider will be destroyed.
546 If provider is detached (or we are operating on a backup file) the key number
550 This command should be used only in emergency situations.
551 It will destroy all copies of the Master Key on a given provider and will
552 detach it forcibly (if it is attached).
553 This is absolutely a one-way command - if you do not have a metadata
554 backup, your data is gone for good.
555 In case the provider was attached with the
557 flag, the keys will not be destroyed, only the provider will be detached.
559 Additional options include:
560 .Bl -tag -width ".Fl a"
562 If specified, all currently attached providers will be killed.
565 Backup metadata from the given provider to the given file.
567 Restore metadata from the given file to the given provider.
569 Additional options include:
570 .Bl -tag -width ".Fl f"
572 Metadata contains the size of the provider to ensure that the correct
573 partition or slice is attached.
574 If an attempt is made to restore metadata to a provider that has a different
577 will refuse to restore the data unless the
580 If the partition or slice has been grown, the
582 subcommand should be used rather than attempting to relocate the metadata
589 Suspend device by waiting for all inflight requests to finish, clearing all
590 sensitive information (like the Master Key and Data Keys) from kernel memory,
591 and blocking all further I/O requests until the
593 subcommand is executed.
594 This functionality is useful for laptops: when one wants to suspend a
595 laptop, one does not want to leave an encrypted device attached.
596 Instead of closing all files and directories opened from a file system located
597 on an encrypted device, unmounting the file system, and detaching the device,
600 subcommand can be used.
601 Any access to the encrypted device will be blocked until the Master Key is
605 Thus there is no need to close nor unmount anything.
608 subcommand does not work with devices created with the
611 Please note that sensitive data might still be present in memory after
612 suspending an encrypted device due to the file system cache, etc.
614 Additional options include:
615 .Bl -tag -width ".Fl a"
622 Resume previously suspended device.
623 The caller must ensure that executing this subcommand does not access the
624 suspended device, leading to a deadlock.
625 For example suspending a device which contains the file system where the
627 utility is stored is bad idea.
629 Additional options include:
630 .Bl -tag -width ".Fl j Ar passfile"
632 Specifies a file which contains the passphrase component of the User Key
634 For more information see the description of the
640 Specifies a file which contains the keyfile component of the User Key
642 For more information see the description of the
648 Do not use a passphrase as a component of the User Key.
649 Cannot be combined with the
656 that the provider has been resized.
657 The old metadata block is relocated to the correct position at the end of the
658 provider and the provider size is updated.
660 Additional options include:
661 .Bl -tag -width ".Fl s Ar oldsize"
663 The size of the provider before it was resized.
666 If no arguments are given, the
668 subcommand will print the version of
670 userland utility as well as the version of the
674 If GEOM providers are specified, the
676 subcommand will print metadata version used by each of them.
678 Clear metadata from the given providers.
680 This will erase with zeros the encrypted Master Key copies stored in the
683 Dump metadata stored on the given providers.
698 Additional options include:
699 .Bl -tag -width ".Fl v"
709 utility generates a random Master Key for the provider.
710 The Master Key never changes during the lifetime of the provider.
711 Each copy of the provider metadata, active or backed up to a file, can store
712 up to two, independently-encrypted copies of the Master Key.
714 Each stored copy of the Master Key is encrypted with a User Key, which
717 utility from a passphrase and/or a keyfile.
720 utility first reads all parts of the keyfile in the order specified on the
721 command line, then reads all parts of the stored passphrase in the order
722 specified on the command line.
723 If no passphrase parts are specified, the system prompts the user to enter
725 The passphrase is optionally strengthened by PKCS#5v2.
726 The User Key is a digest computed over the concatenated keyfile and passphrase.
728 During operation, one or more Data Keys are deterministically derived by
729 the kernel from the Master Key and cached in memory.
730 The number of Data Keys used by a given provider, and the way they are
731 derived, depend on the GELI version and whether the provider is configured to
732 use data authentication.
736 variables can be used to control the behavior of the
739 The default value is shown next to each variable.
740 Some variables can also be set in
741 .Pa /boot/loader.conf .
742 .Bl -tag -width indent
743 .It Va kern.geom.eli.version
744 Version number of the
747 .It Va kern.geom.eli.debug : No 0
751 This can be set to a number between 0 and 3 inclusive.
752 If set to 0, minimal debug information is printed.
754 maximum amount of debug information is printed.
755 .It Va kern.geom.eli.tries : No 3
756 Number of times a user is asked for the passphrase.
757 This is only used for providers which are attached on boot
758 (before the root file system is mounted).
759 If set to 0, attaching providers on boot will be disabled.
760 This variable should be set in
761 .Pa /boot/loader.conf .
762 .It Va kern.geom.eli.overwrites : No 5
763 Specifies how many times the Master Key will be overwritten
764 with random values when it is destroyed.
765 After this operation it is filled with zeros.
766 .It Va kern.geom.eli.visible_passphrase : No 0
767 If set to 1, the passphrase entered on boot (before the root
768 file system is mounted) will be visible.
769 This alternative should be used with caution as the entered
770 passphrase can be logged and exposed via
772 This variable should be set in
773 .Pa /boot/loader.conf .
774 .It Va kern.geom.eli.threads : No 0
775 Specifies how many kernel threads should be used for doing software
777 Its purpose is to increase performance on SMP systems.
778 If set to 0, a CPU-pinned thread will be started for every active CPU.
779 .It Va kern.geom.eli.batch : No 0
780 When set to 1, can speed-up crypto operations by using batching.
781 Batching reduces the number of interrupts by responding to a group of
782 crypto requests with one interrupt.
783 The crypto card and the driver has to support this feature.
784 .It Va kern.geom.eli.key_cache_limit : No 8192
785 Specifies how many Data Keys to cache.
787 (8192 keys) will allow caching of all keys for a 4TB provider with 512 byte
788 sectors and will take around 1MB of memory.
789 .It Va kern.geom.eli.key_cache_hits
790 Reports how many times we were looking up a Data Key and it was already in
792 This sysctl is not updated for providers that need fewer Data Keys than
793 the limit specified in
794 .Va kern.geom.eli.key_cache_limit .
795 .It Va kern.geom.eli.key_cache_misses
796 Reports how many times we were looking up a Data Key and it was not in cache.
797 This sysctl is not updated for providers that need fewer Data Keys than the limit
799 .Va kern.geom.eli.key_cache_limit .
802 Exit status is 0 on success, and 1 if the command fails.
804 Initialize a provider which is going to be encrypted with a
805 passphrase and random data from a file on the user's pen drive.
807 Attach the provider, create a file system, and mount it.
809 Unmount the provider and detach it:
810 .Bd -literal -offset indent
811 # dd if=/dev/random of=/mnt/pendrive/da2.key bs=64 count=1
812 # geli init -s 4096 -K /mnt/pendrive/da2.key /dev/da2
813 Enter new passphrase:
814 Reenter new passphrase:
815 # geli attach -k /mnt/pendrive/da2.key /dev/da2
817 # dd if=/dev/random of=/dev/da2.eli bs=1m
819 # mount /dev/da2.eli /mnt/secret
822 # geli detach da2.eli
825 Create an encrypted provider, but use two User Keys:
826 one for your employee and one for you as the company's security officer
827 (so it is not a tragedy if the employee
829 forgets his passphrase):
830 .Bd -literal -offset indent
832 Enter new passphrase: (enter security officer's passphrase)
833 Reenter new passphrase:
834 # geli setkey -n 1 /dev/da2
835 Enter passphrase: (enter security officer's passphrase)
836 Enter new passphrase: (let your employee enter his passphrase ...)
837 Reenter new passphrase: (... twice)
840 You are the security officer in your company.
841 Create an encrypted provider for use by the user, but remember that users
842 forget their passphrases, so backup the Master Key with your own random key:
843 .Bd -literal -offset indent
844 # dd if=/dev/random of=/mnt/pendrive/keys/`hostname` bs=64 count=1
845 # geli init -P -K /mnt/pendrive/keys/`hostname` /dev/ada0s1e
846 # geli backup /dev/ada0s1e /mnt/pendrive/backups/`hostname`
847 (use key number 0, so the encrypted Master Key will be re-encrypted by this)
848 # geli setkey -n 0 -k /mnt/pendrive/keys/`hostname` /dev/ada0s1e
849 (allow the user to enter his passphrase)
850 Enter new passphrase:
851 Reenter new passphrase:
854 Encrypted swap partition setup:
855 .Bd -literal -offset indent
856 # dd if=/dev/random of=/dev/ada0s1b bs=1m
857 # geli onetime -d -e 3des ada0s1b
858 # swapon /dev/ada0s1b.eli
861 The example below shows how to configure two providers which will be attached
862 on boot (before the root file system is mounted).
863 One of them is using passphrase and three keyfile parts and the other is
864 using only a keyfile in one part:
865 .Bd -literal -offset indent
866 # dd if=/dev/random of=/dev/da0 bs=1m
867 # dd if=/dev/random of=/boot/keys/da0.key0 bs=32k count=1
868 # dd if=/dev/random of=/boot/keys/da0.key1 bs=32k count=1
869 # dd if=/dev/random of=/boot/keys/da0.key2 bs=32k count=1
870 # geli init -b -K /boot/keys/da0.key0 -K /boot/keys/da0.key1 -K /boot/keys/da0.key2 da0
871 Enter new passphrase:
872 Reenter new passphrase:
873 # dd if=/dev/random of=/dev/da1s3a bs=1m
874 # dd if=/dev/random of=/boot/keys/da1s3a.key bs=128k count=1
875 # geli init -b -P -K /boot/keys/da1s3a.key da1s3a
878 The providers are initialized, now we have to add these lines to
879 .Pa /boot/loader.conf :
880 .Bd -literal -offset indent
881 geli_da0_keyfile0_load="YES"
882 geli_da0_keyfile0_type="da0:geli_keyfile0"
883 geli_da0_keyfile0_name="/boot/keys/da0.key0"
884 geli_da0_keyfile1_load="YES"
885 geli_da0_keyfile1_type="da0:geli_keyfile1"
886 geli_da0_keyfile1_name="/boot/keys/da0.key1"
887 geli_da0_keyfile2_load="YES"
888 geli_da0_keyfile2_type="da0:geli_keyfile2"
889 geli_da0_keyfile2_name="/boot/keys/da0.key2"
891 geli_da1s3a_keyfile0_load="YES"
892 geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
893 geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"
896 Not only configure encryption, but also data integrity verification using
898 .Bd -literal -offset indent
899 # geli init -a hmac/sha256 -s 4096 /dev/da0
900 Enter new passphrase:
901 Reenter new passphrase:
902 # geli attach /dev/da0
904 # dd if=/dev/random of=/dev/da0.eli bs=1m
906 # mount /dev/da0.eli /mnt/secret
910 writes the metadata backup by default to the
911 .Pa /var/backups/<prov>.eli
913 If the metadata is lost in any way (e.g., by accidental overwrite), it can be restored.
914 Consider the following situation:
915 .Bd -literal -offset indent
917 Enter new passphrase:
918 Reenter new passphrase:
920 Metadata backup can be found in /var/backups/da0.eli and
921 can be restored with the following command:
923 # geli restore /var/backups/da0.eli /dev/da0
925 # geli clear /dev/da0
926 # geli attach /dev/da0
927 geli: Cannot read metadata from /dev/da0: Invalid argument.
928 # geli restore /var/backups/da0.eli /dev/da0
929 # geli attach /dev/da0
933 If an encrypted file system is extended, it is necessary to relocate and
935 .Bd -literal -offset indent
936 # gpart create -s GPT ada0
937 # gpart add -s 1g -t freebsd-ufs -i 1 ada0
938 # geli init -K keyfile -P ada0p1
939 # gpart resize -s 2g -i 1 ada0
940 # geli resize -s 1g ada0p1
941 # geli attach -k keyfile -p ada0p1
944 Initialize provider with the passphrase split into two files.
945 The provider can be attached using those two files or by entering
947 as the passphrase at the
950 .Bd -literal -offset indent
951 # echo foo > da0.pass0
952 # echo bar > da0.pass1
953 # geli init -J da0.pass0 -J da0.pass1 da0
954 # geli attach -j da0.pass0 -j da0.pass1 da0
957 Enter passphrase: foobar
962 devices on a laptop, suspend the laptop, then resume devices one by one after
964 .Bd -literal -offset indent
968 # geli resume -p -k keyfile gpt/secret
969 # geli resume gpt/private
974 supports two encryption modes:
976 which was standardized as
980 with unpredictable IV.
985 is very similar to the mode
987 .Sh DATA AUTHENTICATION
989 can verify data integrity when an authentication algorithm is specified.
990 When data corruption/modification is detected,
992 will not return any data, but instead will return an error
994 The offset and size of the corrupted data will be printed on the console.
995 It is important to know against which attacks
997 provides protection for your data.
998 If data is modified in-place or copied from one place on the disk
999 to another even without modification,
1001 should be able to detect such a change.
1002 If an attacker can remember the encrypted data, he can overwrite any future
1003 changes with the data he owns without it being noticed.
1006 will not protect your data against replay attacks.
1008 It is recommended to write to the whole provider before first use,
1009 in order to make sure that all sectors and their corresponding
1010 checksums are properly initialized into a consistent state.
1011 One can safely ignore data authentication errors that occur immediately
1012 after the first time a provider is attached and before it is
1013 initialized in this way.
1029 block cipher is implemented by Yoshisato Yanagisawa in
1034 metadata version supported by the given FreeBSD version:
1035 .Bl -column -offset indent ".Sy FreeBSD" ".Sy version"
1036 .It Sy FreeBSD Ta Sy GELI
1037 .It Sy version Ta Sy version
1060 .An Pawel Jakub Dawidek Aq Mt pjd@FreeBSD.org