Native Encryption for ZFS on FreeBSD CFT
Alan Somers
asomers at freebsd.org
Wed Aug 22 03:11:56 UTC 2018
The last time I looked (which was a long time ago), Oracle's ZFS encryption
looked extremely vulnerable to watermarking attacks. Did anybody ever fix
that?
-Alan
On Tue, Aug 21, 2018 at 8:28 PM Matthew Macy <mmacy at freebsd.org> wrote:
> On Tue, Aug 21, 2018 at 6:55 PM Matthew Macy <mmacy at freebsd.org> wrote:
>
> > To anyone with an interest in native encryption in ZFS please test the
> > projects/zfs-crypto-merge-0820 branch in my freebsd repo:
> > https://github.com/mattmacy/networking.git
> >
> >
> Oh and I neglected to state that this work is being supported by iX Systems
> and the tree is all built on work done by Sean Fagan at iX Systems. Please
> keep him in the loop on any problems encountered.
> Thanks.
>
>
>
> > ( git clone https://github.com/mattmacy/networking.git -b
> > projects/zfs-crypto-merge-0820 )
> >
> > The UI is quite close to the Oracle Solaris ZFS crypto with minor
> > differences for specifying key location.
> >
> > Please note that once a feature is enabled on a pool it can't be
> > disabled. This means that if you enable encryption support on a pool
> > you will never be able to import it in to a ZFS without encryption
> > support. For this reason I would strongly advise against using this on
> > any pool that can't be easily replaced until this change has made its
> > way in to HEAD after the freeze has been lifted.
> >
> >
> > By way of background the original ZoL commit can be found at:
> >
> >
> https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49
> >
> > Thanks in advance.
> > -M
> >
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
>
More information about the freebsd-fs
mailing list