> Could you create pool/dump, pool/swap and pool/encrypted? Is there a reason 
> this data shouldn't be encrypted in the first place (even though it should 
> only be used by the system)?

Yeah, we probably can do that, there's just a disturbing number of scripts that 
assume things are in the root of the pool. :) I wonder if we should maybe add 
an exclusion specifically and only for dump zvols (we already treat them 
specially all over the place).

And I think the dump zvol should not be encrypted, for the same reason it has 
all checksumming and raidz parity turned off on it: the system needs to be able 
to write to it during a kernel panic. The system dumps the contents of kernel 
memory out into there, and then after reboot the OS picks that data up and 
moves it into the pool proper for permanent storage (it's just a temporary 
holding area before we reboot). `checksum=noparity` is a mode that was 
introduced exclusively for this zvol (it's not really meant to be used for 
anything else).

As for swap, I'm fine with encrypting it, though what I'd really like is to put 
it under a separate key (one that we generate each boot and then throw it away 
so next boot we can't read it any more).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openzfs/openzfs/pull/124#issuecomment-321135678
------------------------------------------
openzfs-developer
Archives: 
https://openzfs.topicbox.com/groups/developer/discussions/T1625245905c55186-M360101b0bd655334076c76a3
Powered by Topicbox: https://topicbox.com

Reply via email to