Hi Darren, Sorry about the slow response (from me). I was on vacation last week (and am on semi-vacation this week).
I can't answer your question about using the zio transform stuff. You will have to get Jeff or Bill's attention for that. As far as the ARC "hook" goes: it doesn't yet exist. You will have to add this functionality yourself. I will be happy to help you design this if you decide to go down this path. -Mark Darren J Moffat wrote: > Trying again since I didn't see any responses.... > > > So today[0] I believe I have encrypted data (part of Hamlet in case you > care[1]) in a ZFS file system for the first time without having a panic.[2] > > However.... when I read the data back using cat(1) I get garbage. > Garbage of the correct size that looks very much like it would be the > ciphertext! > > Now I think this is because I used crypto_encrypt(9f) with the inplace > encryption. I believe this means that we now have the ciphertext in the > ARC. Now that might actually be a good thing in some cases since it > means that if the key goes away (ie user removed it) we don't need to > flush the cache; it wasn't what I was trying to do at the moment though > and I actually thought that was going to be one of the harder problems > to solve :-) > > So I went back and looked at how compression works and noticed that it > uses zio_push/pop_transform. I had tried using that before but it just > resulted in panics so I put it aside for a while. > > So should I be using the zio transform stuff here ? If so how is it > supposed to work, who allocates memory etc. > > Assuming that I do want to actually have the data encrypted in the ARC > is there a hook some where that I can have zio_decrypt_data called or is > this something I'll need to add myself ? > > Cheers > > > [0] It was on 25th May :-) > > [1] Yeah I should use something else since that is already in the > Solaris source base (and put there by me). > > [2] NOTE: This is still a prototype and is using a hardcoded key because > this is for ZIO pipeline testing not even beta test. > > -- > Darren J Moffat > > _______________________________________________ > zfs-code mailing list > zfs-code at opensolaris.org > http://opensolaris.org/mailman/listinfo/zfs-code
