State of native encryption in ZFS

Jordan Hubbard jkh at mail.turbofuzz.com
Sat May 14 18:03:07 UTC 2016


> On May 14, 2016, at 1:54 AM, Ruslan Yakauleu <quazinode at gmail.com> wrote:
> 
> I wish to know something new about native encryption in ZFS for FreeBSD.
> Is any work in this direction being conducted?

Short and simple answer:  No.

We also recently talked to Matt Ahrens (essentially the OpenZFS “project lead” and who determines what goes upstream) at the FreeBSD Storage Summit and he expressed very little interest in “native encryption” for ZFS, seeing little to no benefit (for what would be a lot of engineering work) in doing it at the ZFS layer vs simply continuing to use the GELI encryption at the block-device layer that FreeBSD already supports.

It’s not even clear how that encryption would be implemented or exposed.  Per pool?  Per dataset?  Per folder?  Per file?  There have been requests for all of the above at one time or another, and the key management challenges for each are different.  They can also be implemented at a layer above ZFS, given sufficient interest.

- Jordan



More information about the freebsd-fs mailing list