I agree with your comments on BTRFS, it's exactly why I've never bothered with it, as it wasn't getting me anything.  I want to be rid of using mdraid and luks for a native solution, but replacing layers for no or negligible benefit.

Last I had rebuilt my laptop, arch supported encryption, but not at boot time, but seems it might be possible now.  I need to dig some more, but saw this with some quick poking around today.  https://wiki.alpinelinux.org/wiki/Root_on_ZFS_with_native_encryption

Gives me some hope arch might, but might look beyond arch too.  I've had a lot of issues with arch in the past few years, particularly updates/upgrades, so I'm back to contemplating my choice in religion, er linux.

-mb


On Wed, Jun 23, 2021 at 9:55 PM Matthew Crews via PLUG-discuss <plug-discuss@lists.phxlinux.org> wrote:
On 6/23/21 5:18 PM, Michael Butash via PLUG-discuss wrote:
> Saw this today, talking about encryption under zfs under linux.  Anyone
> using it here that can comment on experience using it yet for personal
> or at scale?
>
> https://arstechnica.com/gadgets/2021/06/a-quick-start-guide-to-openzfs-native-encryption/
> <https://arstechnica.com/gadgets/2021/06/a-quick-start-guide-to-openzfs-native-encryption/>
>
> I use a combination of mdraid+luks+lvm+ext4/jfs, and would really love
> for this to be one thing, ala ZFS or BTRFS.  Yes I could google my arse
> off to look, but looking for some trusted opinion here.

I've used ZFS and BTRFS under Linux, though I haven't tried native ZFS
encryption yet. I have used both ZFS and BTRFS under LUKS encryption too.

Both BTRFS and ZFS work so much nicer than mdraid when it comes to
spanning across multiple disks (though beware that BTRFS still isn't
production safe for RAID5/RAID6).

If you want to use a multi-disk storage array, ZFS and BTRFS are both
superior options to MDRAID.

However ZFS is just straight better and easier to maintain than BTRFS,
especially now that native encryption is a thing (something BTRFS sorely
lacks).



Here is my disk topology for my 4 disk RAID10 setup under BTRFS.

Disk 1 - LUKS - Btrfs --\                   /--Btrfs subvolume
                        |                   |
Disk 2 - LUKS - Btrfs --|                   |--Btrfs subvolume
                        |--- Btrfs volume --|
Disk 3 - LUKS - Btrfs --|                   |--Btrfs subvolume
                        |                   |
Disk 4 - LUKS - Btrfs --/                   \--Btrfs subvolume

To be honest, it is a pain in the arse to mount an encrypted BTRFS
volume this way. You need to unencrypt all four drives first, and then
you need to mount it. But at least once its mounted, the subvolumes are
already set up.

If I need to replace a drive (and I've had to replace drives) it is also
a pain in the arse due to having to deal with both Luks and BTRFS.

Encrypted ZFS would simplify this setup enormously.

When I need to replace my drives, I will be switching from BTRFS to ZFS.


-Matt
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss