On 02/16/12 15:35, David Magda wrote:
On Thu, February 16, 2012 09:55, Edward Ned Harvey wrote:
I've never used ZFS encryption. How does it work? Do you need to type in
a pre-boot password? And if so, how do you do that with a server? Or does
it use TPM or something similar, to avoid the need for a pre-boot password?
Darren Moffat put up some good posts when the code was initially introduced:
https://blogs.oracle.com/darren/en_GB/tags/zfs
https://blogs.oracle.com/darren/en_GB/tags/crypto
I don't believe encrypting the root volume is currently supported, so
pre-boot stuff doesn't apply. (Please correct if I'm wrong here.)
That is correct you can't currently encrypt the root/boot file system.
This is because neither OBP or GRUB 0.97 have any knowledge of ZFS
encrypted file systems and how to get keys for them. GRUB2 has support
for encrypted ZFS file systems already.
--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
