From owner-freebsd-current@FreeBSD.ORG Tue Aug 28 02:10:56 2007 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8BDCC16A419 for ; Tue, 28 Aug 2007 02:10:56 +0000 (UTC) (envelope-from n-butcher=freebsd-current=freebsd.org=sbibybnr@fusiongol.com) Received: from smtp02.dentaku.gol.com (smtp02.dentaku.gol.com [203.216.5.72]) by mx1.freebsd.org (Postfix) with ESMTP id 5E44613C442 for ; Tue, 28 Aug 2007 02:10:56 +0000 (UTC) (envelope-from n-butcher=freebsd-current=freebsd.org=sbibybnr@fusiongol.com) Received: from pat.gol.co.jp ([203.216.1.191] helo=[127.0.0.1]) by smtp02.dentaku.gol.com with esmtpa (Dentaku) id 1IPqXe-0002vh-Qq for ; Tue, 28 Aug 2007 11:10:54 +0900 Message-ID: <46D3842E.5040002@fusiongol.com> Date: Tue, 28 Aug 2007 11:10:54 +0900 From: Nathan Butcher User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: freebsd-current@freebsd.org X-Enigmail-Version: 0.95.3 Content-Type: text/plain; charset=ISO-2022-JP Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV GOL X-Abuse-Complaints: abuse@gol.com Subject: Re: Encrypted zfs? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Aug 2007 02:10:56 -0000 CW> I'm currently using a zraid consisting of three drives. Lately I CW> wonder what the best way would be to encrypt it. CW> I read the chapter dealing with disk encryption in the handbook, and CW> decided to use GELI. Is there anyone here on the list who has some CW> experiences with ZFS on encrypted GELI devices? Are there some CW> performance specs around? At the moment, I have created a zvol on top of ZFS and then turned it into a GELI device. Then I have run newfs on that GELI device and mounted it as a volume. It's less than an ideal way of having encryption on ZFS (you get some of the benefits of ZFS, but the filesystem on top of GELI is still UFS), but it works anyway. On my 2.13Ghz Core2 Duo with 2GB of RAM under amd64-current, my system load doesn't break much of a sweat, reading to and from the GELI volume - and speeds are tolerable. Since I have the Promise card issue, I can only give bechmarks dated from the 200706 snapshot, and I'm sure zfs performance has improved since then.