On Tue, Apr 03, 2018 at 08:45:59PM +0200, Andreas Steinel wrote: > Hi everyone, > > are you (Proxmox staff) actively testing encrypted ZFS or are you > waiting for the upstream "activation"?
if you are talking about upstream's native encryption, then AFAIK none of us are testing that (yet). it's not part of any ZoL release (only the development branch), and it has shown in the past few months that not including it in 0.7 was the right choice for sure (1 issue requiring a backwards incompatible on-disk format change, several that completely broke send/recv in certain scenarios). it will most likely be part of 0.8, and if that gets cut in time for PVE 6 we will surely take a closer look again when we start preparing for that. do you have specific use cases in mind? Grub does not currently support the ZoL encryption, and I am not sure if and when it will get support. that means it would probably not work out of the box for the root dataset (unless we switch to a completely different boot approach, which does not seem very likely at the moment). it is per dataset though, so encrypting the guest datasets should be possible without much hassle. (I do use ZoL on top of LUKS as / on a few systems without any problems, but it requires manually bootstrapping the system and a bit of fiddling to get all the parts to play nice with eachother ;)) _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel