Tom, I was meaning to keep Openindiana boot environment instead of installing Solaris 11 fresh... but if there is a method to do it without having alrready a preexisting OI or Opensolaris boot environment, I have to admit that am not very familiar with the process.
Well encryption is not supported in the root pool right? So it shouldn't be a problem either. I have been encrypting system drives on Linux by using busybox; a minimal system boots before decrypting the drives, once you enter the paraphrase the real kernel (stored in the encrypted drive) boots. If Oracle ever supports rootfs encryption I guess the decryption should happen anyway before the actual boot environment loads, so It will be possible still to keep a separate unencrypted one with OI... I guess the encryption will be handled as a property of paticular zfs file system and wont involve the complete pool... But I should really experiment all of that before even talking. I did not tried or even read about S11 encryption. In linux filesystems you should allways cover the drive with random data before encrypting, otherwise the operation isn't safe enough (even /dev/urandom inst bullet proof, but anything stronger was almost impossible to achieve without spending just insane amount of time). I wonder how it happen on ZFS, probably it could introduce new perspectives to encryption. it is a truly interesting subject. On Wed, Nov 17, 2010 at 1:18 AM, Tom Kranz <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Gabriel de la Cruz wrote: > > flexibility. Could it be a good practice to install Openindiana before > > Solaris11?, so there is a roll back option? difficult to answer... I > guess > > they will keep the possibility to upgrade from Opensolaris for a while... > > Why? What's wrong with ZFS snapshots and rolling back to a different BE? > As long as you're not upgrading your ZFS pools or messing around with > them (and ZFS encryption is the only pressing thing for me that would > force that) then I don't see why any of this would be a problem? > > - -- > Tom Kranz > Email: [email protected] Skype: siliconbunny > Mobile: 07779 149281 Phone/fax: 01344 773240 > http://www.gaeltd.com http://www.linkedin.com/in/tomkranz > -----BEGIN PGP SIGNATURE----- > > iEYEARECAAYFAkzjEWIACgkQCaTe3ZK74hlIsgCfVhUzGlN4DAbpUPyn8ePA1urm > X5YAn2TMBy6NV/FHvolIKbfgUsGWUuEI > =28Ey > -----END PGP SIGNATURE----- > > _______________________________________________ > OpenIndiana-discuss mailing list > [email protected] > http://openindiana.org/mailman/listinfo/openindiana-discuss > _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
