Only bfu archives are provided for now, so if you want something more polished you will have to wait a while longer. Now is a good time to provide feedback, comments, etc.
Phase 1 Functionality implemented
- Per pool wrapping key (DSKEK)
- Per dataset keytype
  - pwrap: Randomly generated per dataset key wrapped by DSKEK
  - pool: Use DSKEK directly. Will likely NOT be supported in final release.
- zpool keymgr load|unload|status
  - passphrase & key in file only
- Per dataset encryption
  - NOTE: use only aes-128-cbc, aes-256-cbc
  - aes-192-cbc is broken
- Encrypted snapshots
- Clones "inherit" crypto properties regardless of path hierarchy; clone promotion also works
- Encryption is a create time only property
- Encrypted datasets don't mount with 'zfs mount -a' unless key is present
- Pool history records key creation/clone