From: Matthew Macy
Date: Tue, 21 Aug 2018 18:55:35 -0700
Subject: Native Encryption for ZFS on FreeBSD CFT
To: freebsd-current, freebsd-fs@freebsd.org

To anyone with an interest in native encryption in ZFS, please test the projects/zfs-crypto-merge-0820 branch in my freebsd repo: https://github.com/mattmacy/networking.git

( git clone https://github.com/mattmacy/networking.git -b projects/zfs-crypto-merge-0820 )

The UI is quite close to the Oracle Solaris ZFS crypto with minor differences for specifying key location.

Please note that once a feature is enabled on a pool it can't be disabled. This means that if you enable encryption support on a pool you will never be able to import it into a ZFS without encryption support. For this reason I would strongly advise against using this on any pool that can't be easily replaced until this change has made its way into HEAD after the freeze has been lifted.

By way of background the original ZoL commit can be found at: https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49

Thanks in advance.

-M