zfs encryption + boot + world + dog

Michael Butash michael at butash.net
Wed Jun 23 17:18:02 MST 2021


Saw this today, talking about encryption under zfs under linux.  Anyone
using it here that can comment on experience using it yet for personal or
at scale?

https://arstechnica.com/gadgets/2021/06/a-quick-start-guide-to-openzfs-native-encryption/

I use a combination of mdraid+luks+lvm+ext4/jfs, and would really love for
this to be one thing, ala ZFS or BTRFS.  Yes I could google my arse off to
look, but looking for some trusted opinion here.

Encryption is probably the strongest requirement I have.  I keep a _lot_ of
sensitive data for customers on my system by virtue of supporting them.
This data needs to be secure first and foremost at rest or other.

Encryption, scalable volumes, redundancy, longevity (ala trim/wear in
flash) are most important to me.  Traditionally a combo of mdadm+lvm
handles this, but would be nice if zfs can do this now, plus above
encryption.  LVM has done great things for decades, but navigating layers
is detrimental for both performance and longevity of devices, particularly
SSDs depending on technology and firmware.

Cold-booting the system consistently with above features is key to me.  I'm
ok with an unencrypted boot drive with a kernel, but all the other layers
need to be encrypted, but just tend to wear on the hardware and performance
ultimately.  Rather than needing an ext4 /boot, then some combo of
root+world fs, I'd love to see grub boot a consistent file system from boot
segments into encrypted user-land data segments to make work today.

Anyone rolling this sort of setup today reliably that can speak to
experience?  Debating new hardware (laptop ideally), so wondering what my
future hardware and software setup will look like.

If still reading, thanks in advance!

-mb