[zfs-discuss] Support booting from encrypted root fs

Turbo Fredriksson turbo at bayour.com
Tue May 21 09:52:00 EDT 2013


On May 21, 2013, at 12:36 PM, Zenny wrote:

> Obviously it matters when encryption key is not wiped out cleanly when
> / is unmounted.

I'll be ****! Had no idea, and I thought I was quite good at
security concerns :)

I can't remember seeing any such problems, but I'll take a look
again later. I'm currently working on getting all filesystems on ZFS
(that is /, /boot, /usr, /home and /var) and booting from it.

It have succeeded twice now and just ironing out some smaller
bits and pieces in d-i.


Next I'll try to boot from encrypted /, /boot, /usr, /home and /var,
all with separate keys.

My current problem is getting access to the wrapper key... Should I
put it in the initrd (difficult in itself - don't seem to exist any
option to add 'random files' to the grub image), or should I add
an option to grub to look for the key 'on the outside', kind'a like
cryptsetup/dm do... ?


But I'll keep an eye out for any problems unmounting /. I doubt there
is any such problem, I'm _very_ sure that the Sun coders would think
about such a thing, but the question is if ZoL have that support...



More information about the zfs-discuss mailing list