Actually I'm gonna correct myself there a bit, I'm pretty sure after more 
reading that the thing that was too complex to have in dump code was not so 
much computing Fletcher4 itself, as updating the actual pool structure and 
committing a new txg (but hopefully someone who knows more about it will chime 
in here and correct me!). I think that's why ZFS pre-allocates the blocks used 
for dump and gives dump a list of LBAs to write to that have all checksumming 
and parity turned off -- so dump can just write there without updating any of 
the structure elsewhere in the pool.

So if that's true, it does seem plausible that maybe we can have something like 
a fixed dump encryption key that we give to the dump subsystem in a similar 
manner at the time we activate the dump device, and it has some very minimal 
code that does a single mode of encryption (probably unauthenticated?) just for 
this. It almost seems like a separate project though.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openzfs/openzfs/pull/124#issuecomment-321308336
------------------------------------------
openzfs-developer
Archives: 
https://openzfs.topicbox.com/groups/developer/discussions/T1625245905c55186-M8888ba46b9174e31611d54d3
Powered by Topicbox: https://topicbox.com

Reply via email to