If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.
Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
16k lines of code for encryption? Probably they implement it all for themselves, even the algorithms, since the kernel's symbols are gpl only, aren't they?
If that is the case, will it be possible to use hw accelerators? Like in modern CPUs? My NAS would be happy.
16k lines of code for encryption? Probably they implement it all for themselves, even the algorithms, since the kernel's symbols are gpl only, aren't they?
If that is the case, will it be possible to use hw accelerators? Like in modern CPUs? My NAS would be happy.
It pulls the Illumos crypto subsystem in and adds more kernel modules to ZFS to implement everything. So yeah, as far as I can tell, it doesn't use the Linux stuff much.
Last edited by King InuYasha; 14 August 2017, 07:52 PM.
It pulls the Illumos crypto subsystem in and adds more kernel modules to ZFS to implement everything. So yeah, as far as I can tell, it doesn't use the Linux stuff much.
A sign that they might actually do things right here, even though it's for Linux.
A sign that they might actually do things right here, even though it's for Linux.
Depends. The Illumos subsystem will need to be actively maintained and security verifications need to occur for the ZoL version, since it's not the same as the original in the Illumos kernel. But also more crypto stuff in the kernel means that it's going to take much more work to audit the running Linux environment.
This is actually very cool.. so adding encryption to ZFS was the last feature that never got into OpenSolaris when .. well it was open. (and apparently the Oracle ZFS Encryption implementation was broken actually twice due to the incompetence of the developer at Oracle according to Bryan Cantrill) This is an all new implementation and one that Oracle can't legally backport.
It was always considered to be kind of a meh feature because an enterprise wouldn't really need it, its more of a laptop feature and ZFS on a laptop is.. well.. hmm.
The reason it uses Illumos's crypto subsystem is for portability.
The very cool part of this tho is the ability to combine it with ZFS send and receive. So you can now offsite encrypted ZFS datasets. It's also cool to see big feature development coming out of ZoL as opposed to the usual coming from Illumos or FreeBSD.
.
It was always considered to be kind of a meh feature because an enterprise wouldn't really need it, its more of a laptop feature and ZFS on a laptop is.. well.. hmm.
When dealing with PHI and HIPAA, encrypted filesystems matter, regardless of laptop usage, especially if you consider offering cloud-hosted solutions.
This could actually be the feature that would make/break an IT decision for someone somewhere.
At the same time, most healthcare IT would never use an out of tree filesystem in the first place without a support contract anyway..
Comment