From owner-freebsd-questions@FreeBSD.ORG  Sun Mar  9 20:19:12 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 6B630958
 for <freebsd-questions@freebsd.org>; Sun,  9 Mar 2014 20:19:12 +0000 (UTC)
Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk
 [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id F0EC5FED
 for <freebsd-questions@freebsd.org>; Sun,  9 Mar 2014 20:19:11 +0000 (UTC)
Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk
 [81.2.117.99]) (authenticated bits=0)
 by smtp.infracaninophile.co.uk (8.14.8/8.14.8) with ESMTP id s29KJ7is088023
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO)
 for <freebsd-questions@freebsd.org>; Sun, 9 Mar 2014 20:19:07 GMT
 (envelope-from matthew@FreeBSD.org)
DKIM-Filter: OpenDKIM Filter v2.8.3 smtp.infracaninophile.co.uk s29KJ7is088023
Authentication-Results: smtp.infracaninophile.co.uk/s29KJ7is088023;
 dkim=none reason="no signature"; dkim-adsp=none
Message-ID: <531CCCBA.3070000@FreeBSD.org>
Date: Sun, 09 Mar 2014 20:19:06 +0000
From: Matthew Seaman <matthew@FreeBSD.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Subject: Re: Stupid question: Full-disk encryption on ZFS
References: <alpine.BSF.2.00.1403091532150.62528@helix.wtfayla.net>
In-Reply-To: <alpine.BSF.2.00.1403091532150.62528@helix.wtfayla.net>
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="8XbElXrD6dtAwtJkRon3LVBBDUvklqAOu"
X-Virus-Scanned: clamav-milter 0.98.1 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-3.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00
 autolearn=ham version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
 lucid-nonsense.infracaninophile.co.uk
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Mar 2014 20:19:12 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--8XbElXrD6dtAwtJkRon3LVBBDUvklqAOu
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 09/03/2014 19:41, freebsd@fongaboo.com wrote:
> Just want to clarify... Does ZFS provide a mechanism itself for
> full-disk encryption. Or is it still a matter of running another layer
> of software to manifest this, such as GELI?
>=20
> How does the ZFS portion of the FreeBSD 10 installer do things when you=

> check off the encryption option?

AFAIK ZFS native encryption was being developed within Sun before they
were taken over by Oracle, but never did get released into OpenSolaris.
 Consequently native ZFS encryption is not available in the OpenZFS code
in FreeBSD, Illumos or any of the other supported platforms.

Disk encryption under FreeBSD relies on geli.  That's what the installer
implements.  (Presumably you could use gbde instead, but everyone seems
to be preferring geli nowadays)

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey



--8XbElXrD6dtAwtJkRon3LVBBDUvklqAOu
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJ8BAEBCgBmBQJTHMy6XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC
QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATwFwP/0EYWhOcpVNVxPzJ3vKws47K
jZBHhIMqDPqv7PX5q48YrEW+hJIjTeuCDIt/y8b8wmlTO/jNX4K4XzNZ86ITcHx1
SSkwJT7eLPwgHpgeIsuus3cBp2DHMTbmLjqUatdDKGZRiQUTuHhel8HzyS/clM/U
lrWsTqGgJMWpMmM9hZZnncWNN0/3wGRWGuUzoOvFwsVFgOb6nnIbQFrjrp77iGVn
nFa8++F0vtM1ZqNGMkt+VdGIp4BAax+L4qhrrBOuHB8jfJUD6XhJdM22RDWdeaJI
GNniB1gws52cE1bUCqxlsCAfWA7On4Ote5WVISz1Lbq3nRUi7yVVXUmJIP/NTBrV
sL1bxuuZ35g3mpUp0z7PeUPlcWMcLL0dpKsBfco2ZGljt6NANmPwsCVDyO57YNNg
W+gnVQ29hwUz6bJNk4zvd9iGjtb+pLbU4JQ/x/S1YkFSwAjL83RjWvNXlK36yEj6
ezqeNo9S1E0ycNMRcBdgQO+Hr/FZ74pwAD1YnAnPfii8rqVu9GA40w9g1ZusWfW4
xP7u5cNSSiTRykA1Z/uZA5wlmbkqaUOHV0bv1LJeIxC80Nhx/ZeMOfsRltI0nhqE
g6iLudOrsM6VfQTo4zJhR1Z15Bc7e5VfeULJdQUrsjdn/GT+tcpr8o2hhM9Fzvae
hCcUDXOYQuGEErYHPoqt
=JF4G
-----END PGP SIGNATURE-----

--8XbElXrD6dtAwtJkRon3LVBBDUvklqAOu--