As part of the ZFS crypto project we are planning on adding a new pool 
level property.  This property will indicate "where" to find the per 
pool wrapping key (the dataset key encryption key, DSKEK).

This property will ideally be a string since we need to store values 
like the following

"passphrase" - the string 'p', 'a', 's', ... not the actual passphrase
"file:<pathname>"
"pkcs11:[<token>]:[<manuf>]:[<serial>]:<objlabel>"

e.g.

file:/rmdisk/mykeys/zfs/tank

pkcs11:Sun Softoken:::tankdskek
pkcs11::::tankdskek

I've tried to clone what the bootfs property does but that doesn't seem 
to be the correct thing to do since it doesn't appear to store the 
string but store the objnum.

Can a pool property be a string?

If so, how should I be making it persist?

-- 
Darren J Moffat
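
Added example, not part of the original message or of the ZFS source: one way to parse the three proposed value forms in C, keeping the empty pkcs11 fields seen in "pkcs11::::tankdskek". The names `keysource`, `ks_type` and `keysource_parse` are hypothetical; the example assumes the keyword is spelled `passphrase`, that a file pathname must be absolute, and that an object label cannot contain ':'.

```c
#include <string.h>

/* Hypothetical types for this example; not taken from the ZFS source. */
enum ks_type { KS_INVALID, KS_PASSPHRASE, KS_FILE, KS_PKCS11 };

struct keysource {
    enum ks_type type;
    char buf[256];      /* private copy of the property string, split in place */
    const char *path;   /* KS_FILE: pathname (assumed to be absolute) */
    const char *token, *manuf, *serial, *objlabel;  /* KS_PKCS11 fields */
};

/* Parse a key locator string. Returns 0 on success, -1 if malformed. */
int keysource_parse(const char *prop, struct keysource *ks)
{
    memset(ks, 0, sizeof (*ks));        /* type starts as KS_INVALID */
    if (prop == NULL || strlen(prop) >= sizeof (ks->buf))
        return (-1);                    /* reject rather than truncate */
    strcpy(ks->buf, prop);

    if (strcmp(ks->buf, "passphrase") == 0) {
        ks->type = KS_PASSPHRASE;       /* keyword only, never the secret */
        return (0);
    }
    if (strncmp(ks->buf, "file:", 5) == 0) {
        if (ks->buf[5] != '/')          /* assumption: absolute paths only */
            return (-1);
        ks->path = ks->buf + 5;
        ks->type = KS_FILE;
        return (0);
    }
    if (strncmp(ks->buf, "pkcs11:", 7) == 0) {
        const char **out[] = { &ks->token, &ks->manuf, &ks->serial };
        char *p = ks->buf + 7, *colon;
        /* strchr, not strtok: strtok would collapse the empty fields */
        for (int i = 0; i < 3; i++) {
            if ((colon = strchr(p, ':')) == NULL)
                return (-1);            /* fewer than four fields */
            *colon = '\0';
            *out[i] = p;                /* may be "", meaning "any" */
            p = colon + 1;
        }
        if (*p == '\0' || strchr(p, ':') != NULL)
            return (-1);                /* label is mandatory, no extra fields */
        ks->objlabel = p;
        ks->type = KS_PKCS11;
        return (0);
    }
    return (-1);                        /* unknown scheme */
}
```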
