Date: Wed, 23 Aug 2023 09:32:01 +0200 From: Andrea Venturoli <ml@netfence.it> To: questions@freebsd.org Subject: Re: Is ZFS native encryption safe to use? Message-ID: <0e7d2657-f857-01a8-f764-33b9c62c11f1@netfence.it> In-Reply-To: <NcUuVT_--3-9@tutanota.com> References: <NcUuVT_--3-9@tutanota.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/23/23 03:02, iio7@tutanota.com wrote: Hello. Just my 2c... > There seems to be a bit of open (and rather old) ZFS native encryption > bugs which still haven't been fixed and it doesn't look like it is > something that is being working on. > > Last night I was going to move some important files from an unencrypted > dataset to a new encrypted (ZFS native) one, but then got my doubts > about doing that (looking at all the different open GitHub issues on > OpenZFS). Could you please provide links to these discussions/bugs? > What is the general experience running with ZFS native encryption on > FreeBSD? I'm using it on three machines with no issues so far. > Is it better to use GELI for the whole pool instead? If possible, I prefer GELI. However, I want to be able to let the machine boot without having to type a passphrase, SSH in and activate the encrypted partitions/dataset. In the past I used to have two partitions (a "plain" one for a non encrypted pool and a GELI one for the encypted pool); however this fixes the sizes of the two pools and leads to some hassle when one might get full while the other still has space; so I'm moving to a single ZFS pool with some encrypted datasets. bye av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0e7d2657-f857-01a8-f764-33b9c62c11f1>