Stupid question: Full-disk encryption on ZFS
Matthew Seaman
matthew at FreeBSD.org
Sun Mar 9 20:19:12 UTC 2014
On 09/03/2014 19:41, freebsd at fongaboo.com wrote:
> Just want to clarify... Does ZFS provide a mechanism itself for
> full-disk encryption. Or is it still a matter of running another layer
> of software to manifest this, such as GELI?
>
> How does the ZFS portion of the FreeBSD 10 installer do things when you
> check off the encryption option?
AFAIK ZFS native encryption was being developed within Sun before they
were taken over by Oracle, but never did get released into OpenSolaris.
Consequently native ZFS encryption is not available in the OpenZFS code
in FreeBSD, Illumos or any of the other supported platforms.
Disk encryption under FreeBSD relies on geli. That's what the installer
implements. (Presumably you could use gbde instead, but everyone seems
to be preferring geli nowadays)
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1036 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20140309/ef4ee520/attachment.sig>
More information about the freebsd-questions
mailing list