From: Eric McCorkle
To: freebsd-hackers@freebsd.org
Subject: Re: ZFS encryption and loader
Date: Tue, 15 Sep 2020 21:58:22 -0400

On 9/12/20 9:37 PM, Eugene Grosbein wrote:
> 13.09.2020 5:46, Eric McCorkle wrote:
>
>> I'm thinking of migrating to ZFS encryption from GELI in the near future.
>>
>> Does anyone know offhand what the state of support for ZFS encryption in
>> loader looks like, and if there's support for passing keys to the kernel
>> for boot-time loading?  (I can look at adding these if they're missing)
>
> Recently I've learned from one of ZoL maintainers that native
> ZFS encryption is not so comprehensive as GELI.
>
> I've been told that native ZFS encryption was initially designed for one specific task:
> being able to receive encrypted customer data (backups), verify its integrity without decryption,
> store and then receive incremental backups later. Therefore, not all data is hidden with encryption,
> for example, dataset names and some other metadata are not.
>

I've looked into this prior, and you're right.  The metadata that
remains unencrypted shouldn't be a security risk, unless you're leaking
info through your dataset names or something.  I don't know enough about
ZFS to know whether encryption for that stuff could be added later.

One big advantage you get is per-block single-use keys and tight
integration of AEAD.  I would regard this as more trustworthy than
repeatedly encrypting with the same key.  It also opens the door to some
interesting proactive security features.