ZFS-Native Encryption
Tom Caputi of Datto will give a talk on ZFS-Native Encryption at the OpenZFS Developer Summit 2016, covering the following:
- A brief intro to how modern symmetric encryption algorithms work (mostly so that people understand the parameters required for encryption)
- A brief explanation of the ICP and what work was required to make it relatively portable
- An explanation of what changes were made to ZFS, including implementation details regarding:
  - The new DSL Keychain (in user memory, in kernel memory, and on disk)
  - The way the DSL keychain hooks into the existing DSL code (with regard to create, clone, destroy and "owning" operations)
  - What data is encrypted and what is left in the clear
  - The changes made to the ZIO layer for data kept in the primary pool storage
  - Encrypted ZIL blocks
  - Encrypted L2ARC data
- Future extensions and challenges
  - Encrypted send (with regard to the current compressed send work)
  - Support for more encryption algorithms
  - Support for more keysources / locations