"Matthew X. Economou" wrote:
> Fabian Keil writes:
> > Anyway, it's a test without file system so the ZFS overhead isn't
> > measured. I wasn't entirely clear about it, but my assumption was
> > that the ZFS overhead might be big enough to make the difference
> > between HMAC/MD5 and HMAC/SHA256
Fabian Keil writes:
> In my opinion protecting ZFS's default checksums (which cover
> non-metadata as well) with GEOM_ELI is sufficient. I don't see
> what advantage additionally enabling GEOM_ELI's integrity
> verification offers.
I follow you now. You may be right about the extra integrity che
"xenophon\\+freebsd" wrote:
> > -Original Message-
> > From: Fabian Keil [mailto:freebsd-lis...@fabiankeil.de]
> > Sent: Wednesday, March 07, 2012 11:49 AM
> > It's not clear to me why you enable geli integrity verification.
> >
> > Given that it is single-sector-based it seems inferior
> -Original Message-
> From: Fabian Keil [mailto:freebsd-lis...@fabiankeil.de]
> Sent: Wednesday, March 07, 2012 11:49 AM
Thanks for your comments!
> It's not clear to me why you enable geli integrity verification.
>
> Given that it is single-sector-based it seems inferior to ZFS's
> int
"xenophon\\+freebsd" wrote:
> I have posted revised instructions for installing FreeBSD to an
> encrypted ZFS pool on my blog:
>
> https://web.irtnog.org/~xenophon/blog/revised-freebsd-root-zfs-geli
>
> The entire procedure is documented in a way suitable for scripting. I
> would be very inter
Hi all,
I have posted revised instructions for installing FreeBSD to an
encrypted ZFS pool on my blog:
https://web.irtnog.org/~xenophon/blog/revised-freebsd-root-zfs-geli
The entire procedure is documented in a way suitable for scripting. I
would be very interested in the community's feedback.
