Re: Is ZFS native encryption safe to use?

From: infoomatic <infoomatic_at_gmx.at>
Date: Wed, 23 Aug 2023 07:34:56 UTC
Last time (when 13.0 was released) I compared them:

*) GELI + normal zfs was significantly faster than encrypted-zfs
*) encrypted zfs to share files between Linux and FreeBSD did not work
properly, resulting in files being non-readable on FreeBSD


On 23.08.23 09:32, Andrea Venturoli wrote:
> On 8/23/23 03:02, iio7@tutanota.com wrote:
>
> Hello.
> Just my 2c...
>
>
>> There seems to be a bit of open (and rather old) ZFS native encryption
>> bugs which still haven't been fixed and it doesn't look like it is
>> something that is being worked on.
>>
>> Last night I was going to move some important files from an unencrypted
>> dataset to a new encrypted (ZFS native) one, but then got my doubts
>> about doing that (looking at all the different open GitHub issues on
>> OpenZFS).
>
> Could you please provide links to these discussions/bugs?
>
>
>
>
>> What is the general experience running with ZFS native encryption on
>> FreeBSD?
>
> I'm using it on three machines with no issues so far.
>
>> Is it better to use GELI for the whole pool instead?
>
> If possible, I prefer GELI.
>
> However, I want to be able to let the machine boot without having to
> type a passphrase, SSH in and activate the encrypted partitions/dataset.
> In the past I used to have two partitions (a "plain" one for a non
> encrypted pool and a GELI one for the encrypted pool); however this fixes
> the sizes of the two pools and leads to some hassle when one might get
> full while the other still has space; so I'm moving to a single ZFS pool
> with some encrypted datasets.
>
>   bye
>      av.
>