ZFS encryption and loader

Eugene Grosbein eugen at grosbein.net
Sun Sep 13 01:38:21 UTC 2020


13.09.2020 5:46, Eric McCorkle wrote:

> I'm thinking of migrating to ZFS encryption from GELI in the near future.
> 
> Does anyone know offhand what the state of support for ZFS encryption in
> loader looks like, and if there's support for passing keys to the kernel
> for boot-time loading?  (I can look at adding these if they're missing)

Recently I've learned from one of the ZoL maintainers that native
ZFS encryption is not as comprehensive as GELI.

I've been told that native ZFS encryption was initially designed for one specific task:
being able to receive encrypted customer data (backups), verify its integrity without decryption,
store it and then receive incremental backups later. Therefore, not all data is hidden with encryption;
for example, dataset names and some other metadata are not.



More information about the freebsd-hackers mailing list