Eric Schrock wrote:
> You can't really do arbitrary DSL operations (such as looking up a
> property) from within ZIO context. However, we already pass down
> information on the logical block (including dataset id) as part of the
> zbookmark_t. You could either:

Cool, so zbookmark_t is what I thought it was!

> 1. Create a SPA-wide hash that allows you to lookup crypto functions
> from arbitrary context without parsing on-disk state.
>
> 2. Pass down additional crypto information (a la zbookmark_t) at the
> time each I/O is created.

What I'll do is pass the zbookmark_t to zio_*crypt_data(); they can then call a function in zio_crypt.c that uses the information in the zbookmark_t to get hold of the appropriate crypto_key_t pointer. This function, say zio_crypt_bookmark_to_key(), can then be "pluggable" to support different key management systems - which is something we need to be able to do. The simple case will just be something like a hash table based on the dataset id; more complex cases may even initiate network IO to some remote key manager (probably by calling up to a userland assistant; where remote may be a specific zone on the machine or really some remote key manager over some key exchange protocol).

Thanks.

--
Darren J Moffat
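The "simple case" described in the message above, sketched as an added example; it is not code from the original post or from ZFS. The `zbookmark_t` and `crypto_key_t` definitions are simplified stand-ins, and `zio_crypt_keymgr_t`, the `keytab_*` helpers and the extra `km` parameter are hypothetical names introduced for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Simplified stand-ins for illustration, not the real ZFS definitions. */
typedef struct zbookmark { uint64_t zb_objset, zb_object; int64_t zb_level; uint64_t zb_blkid; } zbookmark_t;
#define KEY_MAX 32
typedef struct crypto_key { uint8_t ck_data[KEY_MAX]; size_t ck_length; } crypto_key_t;
/* Hypothetical plug-in point: a key manager is a lookup callback plus its state. */
typedef struct zio_crypt_keymgr {
    const crypto_key_t *(*km_lookup)(void *state, const zbookmark_t *zb);
    void *km_state;
} zio_crypt_keymgr_t;
/* Simple backend: open-addressed hash table keyed by dataset id (no deletion). */
#define KEYTAB_SLOTS 64
typedef struct keytab { struct { int used; uint64_t objset; crypto_key_t key; } slot[KEYTAB_SLOTS]; } keytab_t;
static size_t keytab_slot(uint64_t objset, size_t i) {
    return (size_t)(((objset * 0x9E3779B97F4A7C15ULL) >> 58) + i) % KEYTAB_SLOTS;
}
int keytab_insert(keytab_t *kt, uint64_t objset, const uint8_t *key, size_t len) {
    if (len == 0 || len > KEY_MAX) return -1;            /* reject bad key sizes */
    for (size_t i = 0; i < KEYTAB_SLOTS; i++) {
        size_t s = keytab_slot(objset, i);
        if (kt->slot[s].used && kt->slot[s].objset != objset) continue;
        kt->slot[s].used = 1;
        kt->slot[s].objset = objset;
        memcpy(kt->slot[s].key.ck_data, key, len);
        kt->slot[s].key.ck_length = len;
        return 0;
    }
    return -1;                                           /* table full */
}
static const crypto_key_t *keytab_lookup(void *state, const zbookmark_t *zb) {
    keytab_t *kt = state;
    for (size_t i = 0; i < KEYTAB_SLOTS; i++) {
        size_t s = keytab_slot(zb->zb_objset, i);
        if (!kt->slot[s].used) return NULL;              /* empty slot ends the probe */
        if (kt->slot[s].objset == zb->zb_objset) return &kt->slot[s].key;
    }
    return NULL;
}
/* NULL means no key is known for the dataset; in this sketch the caller
 * is expected to treat that as an error rather than continue without a key. */
const crypto_key_t *zio_crypt_bookmark_to_key(const zio_crypt_keymgr_t *km, const zbookmark_t *zb) {
    if (km == NULL || km->km_lookup == NULL || zb == NULL) return NULL;
    return km->km_lookup(km->km_state, zb);
}
int main(void) {
    static keytab_t kt;                                  /* zero-initialised table */
    zio_crypt_keymgr_t km = { keytab_lookup, &kt };
    uint8_t k[16] = { 0xAA };                            /* constructed sample key */
    zbookmark_t zb = { 21, 5, 0, 100 };                  /* constructed bookmark */
    keytab_insert(&kt, 21, k, sizeof k);
    return zio_crypt_bookmark_to_key(&km, &zb) != NULL ? 0 : 1;
}
```

A backend that asks a userland assistant or remote key manager would supply a different `km_lookup` and leave the callers unchanged.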
