On 02/21/12 13:27, Edward Ned Harvey wrote:
From: Darren J Moffat [mailto:darr...@opensolaris.org]
Sent: Monday, February 20, 2012 12:46 PM
GRUB2 has support
for encrypted ZFS file systems already.
I assume this requires a pre-boot password, right? Then I have two
questions...
The ZFS encryption support in GRUB2 was written by the main GRUB2
developer and doesn't use any Solaris ZFS encryption code. The GRUB2
code has support for interactive prompting for the passphrase or for
reading the passphrase or raw wrapping key from a file in some other
filesystem that GRUB2 can see.
Solaris 11 doesn't have GRUB2 at this time it uses GRUB 0.97 which does
not have encryption support. You can't put the two parts together
because the Solaris 11 kernel doesn't know how to mount an encrypted
root filesystem even though GRUB2 could have loaded the kernel and
boot_archive from one if you managed to craft together a GRUB2 and
Solaris 11 system on your own.
I noticed in solaris 11, when you "init 6" it doesn't reboot the way other
OSes reboot.
What you are seeing is "Fast Reboot" where on x86 we completely avoid
the trip back through the BIOS and the boot loader it just loads and
rexecute the kernel directly. The situation on SPARC is similar but not
identical.
> So maybe "init 6" will not need you to type in a password
again? Maybe you just need a passsword one time when you power on?
Solaris 11 doesn't have support for encrypted root at all at this time.
Doesn't mater if Fast Reboot is in use or not.
--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
