Native Encryption for ZFS on FreeBSD CFT
Matthew Macy
mmacy at freebsd.org
Wed Aug 22 02:27:14 UTC 2018
On Tue, Aug 21, 2018 at 6:55 PM Matthew Macy <mmacy at freebsd.org> wrote:
> To anyone with an interest in native encryption in ZFS please test the
> projects/zfs-crypto-merge-0820 branch in my freebsd repo:
> https://github.com/mattmacy/networking.git
>
>
Oh and I neglected to state that this work is being supported by iX Systems
and the tree is all built on work done by Sean Fagan at iX Systems. Please
keep him in the loop on any problems encountered.
Thanks.
> ( git clone https://github.com/mattmacy/networking.git -b
> projects/zfs-crypto-merge-0820 )
>
> The UI is quite close to the Oracle Solaris ZFS crypto with minor
> differences for specifying key location.
>
> Please note that once a feature is enabled on a pool it can't be
> disabled. This means that if you enable encryption support on a pool
> you will never be able to import it in to a ZFS without encryption
> support. For this reason I would strongly advise against using this on
> any pool that can't be easily replaced until this change has made its
> way in to HEAD after the freeze has been lifted.
>
>
> By way of background the original ZoL commit can be found at:
>
> https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49
>
> Thanks in advance.
> -M
>
More information about the freebsd-current
mailing list