I am aware of how to do this on Linux. I do exactly as you subscribe.
But running the /boot on external USB seems to cause more issues than when I merely have /boot partition and a partition with LVM inside LUKS volume on the same physical disk.
I want to know if FreeBSD works that way, as I hear some FreeBSD on FreeBSDTalk and other podcasts say they have made big strides on laptop support (jokes abound with resume/sleep issues) on different laptops, but I am curious how far these improvements go.
External boot enables me to carry the encryption key on it secretly so that I don't need to enter it manually. With an on-machine unencrypted boot, you cannot do that, because it's pointless. Anyway, another important issue is the Evil Maid Attack. To recap, if you leave your device alone for a moment, an adversary may edit your boot path (BIOS/EFI, or just your boot partition) to insert a keylogger. Then, as long as you enter your key once, the game is over.
BIOS/EFI hacking is not possible if you have trusted stuff set up properly. Hacking an unencrypted boot partition is just a piece of cake.
I believe Linux or BSD can do whatever you want, just be careful with what you want.
I leave the boot on the normal HDD and carry an SD card with the key. I can also type the very long passphrase and start the box, though I could also make it key start only.