Date: Wed, 23 Aug 2023 09:34:56 +0200 From: infoomatic <infoomatic@gmx.at> To: questions@freebsd.org Subject: Re: Is ZFS native encryption safe to use? Message-ID: <de460855-d2a8-3125-1b64-bf5052e1e6ea@gmx.at> In-Reply-To: <0e7d2657-f857-01a8-f764-33b9c62c11f1@netfence.it> References: <NcUuVT_--3-9@tutanota.com> <0e7d2657-f857-01a8-f764-33b9c62c11f1@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
last time (when 13.0 was released) I compared them: *) GELI + normal zfs was significantly faster than encrypted-zfs *) encrypted zfs to share files between Linux and FreeBSD did not work properly, resulting in Files non-readable on FreeBSD On 23.08.23 09:32, Andrea Venturoli wrote: > On 8/23/23 03:02, iio7@tutanota.com wrote: > > Hello. > Just my 2c... > > >> There seems to be a bit of open (and rather old) ZFS native encryption >> bugs which still haven't been fixed and it doesn't look like it is >> something that is being working on. >> >> Last night I was going to move some important files from an unencrypted >> dataset to a new encrypted (ZFS native) one, but then got my doubts >> about doing that (looking at all the different open GitHub issues on >> OpenZFS). > > Could you please provide links to these discussions/bugs? > > > > >> What is the general experience running with ZFS native encryption on >> FreeBSD? > > I'm using it on three machines with no issues so far. > >> Is it better to use GELI for the whole pool instead? > > If possible, I prefer GELI. > > However, I want to be able to let the machine boot without having to > type a passphrase, SSH in and activate the encrypted partitions/dataset. > In the past I used to have two partitions (a "plain" one for a non > encrypted pool and a GELI one for the encypted pool); however this fixes > the sizes of the two pools and leads to some hassle when one might get > full while the other still has space; so I'm moving to a single ZFS pool > with some encrypted datasets. > > =C2=A0bye > =C2=A0=C2=A0=C2=A0=C2=A0av. >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?de460855-d2a8-3125-1b64-bf5052e1e6ea>