> Could you create pool/dump, pool/swap and pool/encrypted? Is there a reason > this data shouldn't be encrypted in the first place (even though it should > only be used by the system)?
Yeah, we probably can do that, there's just a disturbing number of scripts that assume things are in the root of the pool. :) I wonder if we should maybe add an exclusion specifically and only for dump zvols (we already treat them specially all over the place). And I think the dump zvol should not be encrypted, for the same reason it has all checksumming and raidz parity turned off on it: the system needs to be able to write to it during a kernel panic. The system dumps the contents of kernel memory out into there, and then after reboot the OS picks that data up and moves it into the pool proper for permanent storage (it's just a temporary holding area before we reboot). `checksum=noparity` is a mode that was introduced exclusively for this zvol (it's not really meant to be used for anything else). As for swap, I'm fine with encrypting it, though what I'd really like is to put it under a separate key (one that we generate each boot and then throw it away so next boot we can't read it any more). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/openzfs/openzfs/pull/124#issuecomment-321135678 ------------------------------------------ openzfs-developer Archives: https://openzfs.topicbox.com/groups/developer/discussions/T1625245905c55186-M360101b0bd655334076c76a3 Powered by Topicbox: https://topicbox.com
