ZFS-Native Encryption

From OpenZFS
Revision as of 18:04, 22 August 2016 by Mahrens (Talk | contribs) (Created page with "Tom Caputi of Datto will give a talk on ZFS-Native Encryption at the 2016 OpenZFS Developer Summit, covering the following: # A brief intro to how modern symmetric encryption...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Tom Caputi of Datto will give a talk on ZFS-Native Encryption at the 2016 OpenZFS Developer Summit, covering the following:

  1. A brief intro to how modern symmetric encryption algorithms work (mostly so that people understand the parameters required for encryption)
  2. A brief explanation of the ICP and what work was required to make it relatively portable
  3. An explanation of what changes were made to ZFS, including implementation details regarding:
    1. The new DSL Keychain (in user memory, in kernel memory, and on disk)
    2. The way the DSL keychain hooks into the existing DSL code (with regards to create, clone, destroy and "owning" operations)
    3. What data is encrypted and what is left in the clear
    4. The changes made to the ZIO layer for data kept in the primary pool storage
    5. Encrypted ZIL blocks
    6. Encrypted L2ARC data
  4. Future extensions and challenges
    1. Encrypted send (with regards to the current compressed send work)
    2. Support for more encryption algorithms
    3. Support for more keysources / locations