On Mon, Apr 26, 2021 at 3:04 PM mike tancsa wrote:
> On 4/23/2021 11:47 PM, Peter Libassi wrote:
> > Yes, I’ve come to the same conclusion. This should be used on a
> > data-zpool and not on the system-pool (zroot). Encryption is per
> > dataset. Also if found that if the encrypted dataset is not
On 4/23/2021 11:47 PM, Peter Libassi wrote:
> Yes, I’ve come to the same conclusion. This should be used on a
> data-zpool and not on the system-pool (zroot). Encryption is per
> dataset. Also if found that if the encrypted dataset is not mounted of
> some reason you will be writing to the parent u
On 4/23/2021 5:23 PM, Xin Li wrote:
> On 4/23/21 13:53, mike tancsa wrote:
>> Starting to play around with RELENG_13 and wanted explore ZFS' built in
>> encryption. Is there a best practices doc on how to do full disk
>> encryption anywhere thats not GELI based ? There are lots for
>> GELI,
>>
On 4/23/21 11:23 PM, Xin Li via freebsd-stable wrote:
I think loader do not support the native OpenZFS encryption yet.
However, you can encrypt non-essential datasets on a boot pool (that is,
if com.datto:encryption is "active" AND the bootfs dataset is not
encrypted, you can still boot from it)
> 23 apr. 2021 kl. 23:23 skrev Xin Li via freebsd-stable
> :
>
> On 4/23/21 13:53, mike tancsa wrote:
>> Starting to play around with RELENG_13 and wanted explore ZFS' built in
>> encryption. Is there a best practices doc on how to do full disk
>> encryption anywhere thats not GELI based ? T
On 4/23/21 13:53, mike tancsa wrote:
> Starting to play around with RELENG_13 and wanted explore ZFS' built in
> encryption. Is there a best practices doc on how to do full disk
> encryption anywhere thats not GELI based ? There are lots for
> GELI,
> but nothing I could find for native OpenZFS
Starting to play around with RELENG_13 and wanted explore ZFS' built in
encryption. Is there a best practices doc on how to do full disk
encryption anywhere thats not GELI based ? There are lots for
GELI,
but nothing I could find for native OpenZFS encryption on FreeBSD
i.e box gets rebooted,
