Hacker Read

pstch · 2019-01-19 21:50:47

Encrypted ZFS with FreeBSD is not actually native ZFS encryption, it uses GELI to handle the encryption part (which may be why it's bad at handling power losses).

e12e | karma 13838 | avg karma 1.49 · | 2023-11-21 10:46:28

Thanks! But does that mean zfs native encryption is now supported in freebsd? Last i checked (a good while back) - I got the impression geli(?) was strongly preferred and zfs native encryption was generally discouraged?

_emacsomancer_ | karma 3868 | avg karma 2.65 · | 2019-01-20 03:57:47+00:00

Ah, for some reason I was thinking that FreeBSD's implementation of OpenZFS had native encryption.

pmlnr | karma 11277 | avg karma 4.01 · | 2019-01-20 00:04:48+00:00

Sure. Encrypted ZFS with FreeBSD, have a power loss, goodbye data.

Should have read the manual though, it does tell you to make a backup of certain data ranges in case of encrypted ZFS for this specific case, so it's partly my fault.

That said, I'm using ZFS ever since, but on top of LUKs with linux.

reply

lmm | karma 42440 | avg karma 1.91 · | 2017-07-27 08:14:24

Wait, has encryption hit open-source ZFS at all? Can I use it on FreeBSD?

RJIb8RBYxzAMX9u | karma 784 | avg karma 3.14 · | 2021-07-14 06:31:52

FreeBSD's geli is more similar to Linux's dm-crypt. Of course with (Open)ZFS native encryption finally available for both FreeBSD and Linux, you could also compare them to zvols.

codetrotter | karma 16631 | avg karma 3.67 · | 2021-02-07 02:32:01+00:00

Native ZFS encryption among other things

Edit: Compared to the version of ZFS that was in base FreeBSD 12.x I mean

reply

enneff | karma 14420 | avg karma 6.76 · | 2014-09-09 23:21:57+00:00

Ah, I see. I've only used ZFS on FreeBSD so I guess I'm missing out. Thanks.

overcast | karma 8759 | avg karma 2.69 · | 2017-08-05 19:09:28+00:00

ZFS is a native filesystem to FreeBSD, where as in Linux it is not.

Amezarak | karma 3682 | avg karma 1.88 · | 2017-06-20 10:08:44+00:00

FreeNAS has supported zfs encryption for a long while, unless I misunderstand you. Unless its not actually zfs encryption but something else?

_emacsomancer_ | karma 3868 | avg karma 2.65 · | 2019-01-20 03:04:50+00:00

So LUKS is more resilient than native ZFS encryption to power loss?

RJIb8RBYxzAMX9u | karma 784 | avg karma 3.14 · | 2016-10-10 23:04:07+00:00

This is still geli+zfs, and not native zfs encryption that was recently presented in OpenZFS Developer Summit [0].

[0] https://www.youtube.com/watch?v=frnLiXclAMo

reply

sigjuice | karma 1677 | avg karma 1.63 · | 2017-10-04 00:39:42+00:00

ZFS on FreeBSD does not fit the definition of 'third party'.

znpy | karma 10741 | avg karma 2.31 · | 2020-05-21 17:59:09

Cool, so the point "FreeBSD because zfs on FreeBSD is better" is bs, I guess.

lmm | karma 42440 | avg karma 1.91 · | 2016-07-21 08:58:00+00:00

So does ZFS on FreeBSD support native encryption? Can I switch my existing pool?

gruturo | karma 3260 | avg karma 4.47 · | 2017-06-20 13:11:06

Free(BSD|NAS) so far create a "normal" ZFS on top of an encrypted block device, produced via the cryptographic GEOM provider geli ( https://www.freebsd.org/cgi/man.cgi?geli(8) )

This instead is ZFS doing the actual encryption on a normal block device.

reply

e12e | karma 13838 | avg karma 1.49 · | 2023-11-20 19:29:51

How about zfs native encryption?

grahamjperrin | karma 19 | avg karma 0.32 · | 2017-08-18 03:39:05

ZFS - native encryption, resizing, bleaching | The FreeBSD Forums <https://forums.freebsd.org/threads/56869/>

> I hope that FreeBSD will be not too far behind. …

reply

matrix12 | karma 170 | avg karma 1.43 · | 2022-10-17 10:03:08

ZFS runs on NetBSD, and FreeBSD. NOT OpenBSD.

unlmtd1 | karma -14 | avg karma -0.23 · | 2017-08-24 12:09:28+00:00

On the flip side, ZFS on linux now has native encryption.