Grace Tang wrote: > Darren J Moffat ???: >> Thanks to some white borad time with Alec Muffett I think I might have >> a solution that a) doesn't require the pool key for initial dataset >> creation and b) doesn't require but allows for zfs(1) to be interactive. > Does this solution mean without the pool/dataset key, datasets can be > created? But only the pool or dataset key is loaded, datasets can be > mounted.
It means that you can create a dataset with encryption using a per dataset key even if there has never been a pool level key defined. It provides a way to specify the new per dataset key at create time - so that we don't need the pool key to do the initial key wrapping during dataset creation. Datasets will need the appropriate key (pool or dataset) to be loaded for them to mount. -- Darren J Moffat
