Roger wrote:
Hello,
I am new to Solaris.
Several PDFs out there suggest any of the following:
a) Solaris comes with 128bit encryption (full filesystem)
b) Solaris supports full root encryption.
Can you send a pointer to these please, because the information is not
correct and I would like to try and get it corrected.
Any truth to any of this?
The company I work for tis mandating full root encryption.
Why is it mandated, is there no exception process ?
It isn't currently part of the ZFS Crypto project to provide for an
encrypted boot (ie root) filesystem. Part of the reason for this is
because of the changes needed for GRUB (x86) and OBP (SPARC) and I would
rather wait until we move to GRUB2 as somethings will be much easier.
For ZFS pools that do not have the boot file system on them you can have
all filesystems in the pool encrypted ie:
# zpool create -O encryption=on tank c0t0d0s0
Even if you need to boot from a filesystem in the pool you *can* still
have the swap ZVOL encrypted.
--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
