From owner-freebsd-fs@freebsd.org Wed Aug 22 02:27:14 2018 Return-Path: Delivered-To: freebsd-fs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 66B7B1088540; Wed, 22 Aug 2018 02:27:14 +0000 (UTC) (envelope-from mmacy@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 111AC7B9BA; Wed, 22 Aug 2018 02:27:14 +0000 (UTC) (envelope-from mmacy@freebsd.org) Received: from mail-it0-f48.google.com (mail-it0-f48.google.com [209.85.214.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) (Authenticated sender: mmacy) by smtp.freebsd.org (Postfix) with ESMTPSA id CC0D1104B8; Wed, 22 Aug 2018 02:27:13 +0000 (UTC) (envelope-from mmacy@freebsd.org) Received: by mail-it0-f48.google.com with SMTP id h23-v6so1082125ita.5; Tue, 21 Aug 2018 19:27:13 -0700 (PDT) X-Gm-Message-State: APzg51CDBOX29EwVxUKLHQxDik6kYli84VNqeTZ2sLaJu1sMSvxW9J2x ax20wE0agBZ98shspm09/AJDPaBY2t6LPVdHDFg= X-Google-Smtp-Source: ANB0VdYmAzdU1G8Optqx6uQ9rRQ5sQWo4T5PIRfzl7Sh5iBFJ2vNK2laVKRBC3lmyLuasiXh/jyixKfJy4MWF04bVqg= X-Received: by 2002:a24:704f:: with SMTP id f76-v6mr1626689itc.30.1534904833320; Tue, 21 Aug 2018 19:27:13 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Matthew Macy Date: Tue, 21 Aug 2018 19:27:02 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Native Encryption for ZFS on FreeBSD CFT To: freebsd-current , freebsd-fs@freebsd.org Cc: Sean Fagan Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.27 X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Aug 2018 02:27:14 -0000 On Tue, Aug 21, 2018 at 6:55 PM Matthew Macy wrote: > To anyone with an interest in native encryption in ZFS please test the > projects/zfs-crypto-merge-0820 branch in my freebsd repo: > https://github.com/mattmacy/networking.git > > Oh and I neglected to state that this work is being supported by iX Systems and the tree is all built on work done by Sean Fagan at iX Systems. Please keep him in the loop on any problems encountered. Thanks. > ( git clone https://github.com/mattmacy/networking.git -b > projects/zfs-crypto-merge-0820 ) > > The UI is quite close to the Oracle Solaris ZFS crypto with minor > differences for specifying key location. > > Please note that once a feature is enabled on a pool it can't be > disabled. This means that if you enable encryption support on a pool > you will never be able to import it in to a ZFS without encryption > support. For this reason I would strongly advise against using this on > any pool that can't be easily replaced until this change has made its > way in to HEAD after the freeze has been lifted. > > > By way of background the original ZoL commit can be found at: > > https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49 > > Thanks in advance. > -M >