Date:      Sun, 13 Sep 2020 08:37:56 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        Eric McCorkle <eric@metricspace.net>, freebsd-hackers@freebsd.org
Subject:   Re: ZFS encryption and loader
Message-ID:  <9bbc0793-25d5-6525-fad5-c74ec836e26e@grosbein.net>
In-Reply-To: <676dfde0-4202-1dc9-f90c-420fe9bbae27@metricspace.net>
References:  <676dfde0-4202-1dc9-f90c-420fe9bbae27@metricspace.net>

13.09.2020 5:46, Eric McCorkle wrote:

> I'm thinking of migrating to ZFS encryption from GELI in the near future.
> 
> Does anyone know offhand what the state of support for ZFS encryption in
> loader looks like, and if there's support for passing keys to the kernel
> for boot-time loading?  (I can look at adding these if they're missing)

Recently I've learned from one of the ZoL maintainers that native
ZFS encryption is not as comprehensive as GELI.

I've been told that native ZFS encryption was initially designed for one specific task:
being able to receive encrypted customer data (backups), verify its integrity without decryption,
store and then receive incremental backups later. Therefore, not all data is hidden with encryption;
for example, dataset names and some other metadata are not.
