From: Allan Jude
To: freebsd-hackers@freebsd.org
Subject: Re: EFI GELI support ready for testers
Date: Wed, 1 Jun 2016 11:14:49 -0400

On 2016-06-01 10:47, Joerg Sonnenberger wrote:
> On Wed, Jun 01, 2016 at 04:29:16PM +0200, Wojciech Puchar wrote:
>>> It's undesirable because the whole point of ZFS is to have one ZFS
>>> volume for the whole system.
>> This sounds more like a religious dogma than anything else.
>
> If "ZFS volume" means "ZFS pool" here, it is also blatant bullshit.
> There are a lot of reasons for having more than one ZFS pool, the
> easiest being separating SSDs and HDDs for fast vs cheap storage.
>
> Joerg

Again, my only motivation for adding GELI encryption support to
gptzfsboot was to allow ZFS Boot Environments, one of the biggest
selling features of ZFS-on-root, to work with GELI encrypted disks.

For boot environments to work, your kernel must reside in the / (root)
ZFS dataset, so it can be snapshotted and cloned along with the rest of
the base system.

You can still use multiple pools. But for this useful feature to work,
you need to be able to use a single pool, so I made it so.

I added support for UFS, because it was only ~10 more lines of code.

In my geliboot work, no new crypto code is introduced. It just reuses
GELI and OpenCrypto. The entire geliboot codebase is only 450 lines
including license and comments, mostly of boilerplate, and 100 lines of
.h file to bridge the gap between the kernel and the boot2/loader
environments.

-- 
Allan Jude