The plan of record for the ZFS Crypto project is that for first delivery is that the bootfs ZFS dataset can not be encrypted. A later phase will address this short coming once we work out how to do the key management things we need to in the restricted GRUB environment.
We do however need to have the pool that the bootfs dataset is in support encryption for other datasets. So given that we won't be porting the actual encryption/decryption to GRUB just yet what is the minimum we need to port to not break ZFS boot for our new pool version (currently 11) ? -- Darren J Moffat
