On Mar 26, 2013, at 7:19 AM, Apostolos Syropoulos <[email protected]> wrote:
>
>>
>> T his isn't native ZFS encryption. FreeNAS is using FreeBSD's existing
>> crypto infrastructure to insert an encrypted block device shim between
>> ZFS and the disk drives. The same is possible on illumos systems
>> using lofi(7) with encryption, then building a zpool atop the lofi
>> device(s).
>
> Maybe but it is better than nothing!
Actually, while lofi works, it is a horrible, horrible hack fraught with lots
of problems because it doesn't sit on top of the block layer, but rather on the
filesystem layer.
As I think about this, it would be nearly trivial to build an encrypting block
layer on top of regular block devices using the blkdev framework I wrote ages
ago. Should only take a weekend or so to code up.
Can I have a show of hands for people who would really like to have full disk
encryption (not per dataset!) ? I mean really would like to run this in
production. If the number is non-zero, then I'll probably look at writing some
code. Would be a fun little project.
- Garrett
>
> A.S.
>
>
> ----------------------
> Apostolos Syropoulos
> Xanthi, Greece
> http://obelix.ee.duth.gr/~apostolo
> http://asyropoulos.wordpress.com
> http://hypercomputation.blogspot.com/
>
>
> -------------------------------------------
> illumos-discuss
> Archives: https://www.listbox.com/member/archive/182180/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/182180/22003744-9012f59c
> Modify Your Subscription: https://www.listbox.com/member/?&;
> Powered by Listbox: http://www.listbox.com
-------------------------------------------
illumos-discuss
Archives: https://www.listbox.com/member/archive/182180/=now
RSS Feed: https://www.listbox.com/member/archive/rss/182180/21175430-2e6923be
Modify Your Subscription:
https://www.listbox.com/member/?member_id=21175430&id_secret=21175430-6a77cda4
Powered by Listbox: http://www.listbox.com
