Re: Is ZFS native encryption safe to use?
- In reply to: Andrea Venturoli : "Re: Is ZFS native encryption safe to use?"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 23 Aug 2023 07:34:56 UTC
last time (when 13.0 was released) I compared them: *) GELI + normal zfs was significantly faster than encrypted-zfs *) encrypted zfs to share files between Linux and FreeBSD did not work properly, resulting in Files non-readable on FreeBSD On 23.08.23 09:32, Andrea Venturoli wrote: > On 8/23/23 03:02, iio7@tutanota.com wrote: > > Hello. > Just my 2c... > > >> There seems to be a bit of open (and rather old) ZFS native encryption >> bugs which still haven't been fixed and it doesn't look like it is >> something that is being working on. >> >> Last night I was going to move some important files from an unencrypted >> dataset to a new encrypted (ZFS native) one, but then got my doubts >> about doing that (looking at all the different open GitHub issues on >> OpenZFS). > > Could you please provide links to these discussions/bugs? > > > > >> What is the general experience running with ZFS native encryption on >> FreeBSD? > > I'm using it on three machines with no issues so far. > >> Is it better to use GELI for the whole pool instead? > > If possible, I prefer GELI. > > However, I want to be able to let the machine boot without having to > type a passphrase, SSH in and activate the encrypted partitions/dataset. > In the past I used to have two partitions (a "plain" one for a non > encrypted pool and a GELI one for the encypted pool); however this fixes > the sizes of the two pools and leads to some hassle when one might get > full while the other still has space; so I'm moving to a single ZFS pool > with some encrypted datasets. > > bye > av. >