Darren J Moffat
2007-Sep-12 11:31 UTC
[zfs-code] Which ZFS DMU objects should be encrypted ?
The DMU layer will determine which objects in be encrypted when being placed in a dataset that has the encryption property turned on. http://opensolaris.org/os/project/zfs-crypto/phase1/dmu_ot/ Which of these marked as FALSE can be and should be *TRUE* ? -- Darren J Moffat
Matthew Ahrens
2007-Sep-19 21:47 UTC
[zfs-code] Which ZFS DMU objects should be encrypted ?
Darren J Moffat wrote:> The DMU layer will determine which objects in be encrypted when being > placed in a dataset that has the encryption property turned on. > > http://opensolaris.org/os/project/zfs-crypto/phase1/dmu_ot/ > > Which of these marked as FALSE can be and should be *TRUE* ? >According to your table, all objects in a ZPL dataset will be encrypted. The only ones marked FALSE are DMU_OT_ZVOL_PROP and MOS-only ones. This seems fine. --matt
On Sep 12, 2007, at 4:31 AM, Darren J Moffat wrote:> The DMU layer will determine which objects in be encrypted when being > placed in a dataset that has the encryption property turned on. > > http://opensolaris.org/os/project/zfs-crypto/phase1/dmu_ot/ > > Which of these marked as FALSE can be and should be *TRUE* ?I''m wondering if the DMU_OT_SPA_HISTORY object should be encrypted to "hide" (whatever the proper security word is) the command history. eric
Darren J Moffat
2007-Sep-20 09:55 UTC
[zfs-code] Which ZFS DMU objects should be encrypted ?
eric kustarz wrote:> > On Sep 12, 2007, at 4:31 AM, Darren J Moffat wrote: > >> The DMU layer will determine which objects in be encrypted when being >> placed in a dataset that has the encryption property turned on. >> >> http://opensolaris.org/os/project/zfs-crypto/phase1/dmu_ot/ >> >> Which of these marked as FALSE can be and should be *TRUE* ? > > I''m wondering if the DMU_OT_SPA_HISTORY object should be encrypted to > "hide" (whatever the proper security word is) the command history.Funny you should bring that up I was considering that myself for the same reason. On the other hand I write history records when we do certain key management operations so there might be a chicken-egg problem :-) The history is already protected from end users on the system because it requires secpolicy_sys_config() pass, however that doesn''t come into play once the disks are stolen and someone is looking at the raw disks elsewhere. I''ll look into it and play around with it a bit. -- Darren J Moffat
Matthew Ahrens
2007-Sep-20 12:26 UTC
[zfs-code] Which ZFS DMU objects should be encrypted ?
eric kustarz wrote:> On Sep 12, 2007, at 4:31 AM, Darren J Moffat wrote: > >> The DMU layer will determine which objects in be encrypted when being >> placed in a dataset that has the encryption property turned on. >> >> http://opensolaris.org/os/project/zfs-crypto/phase1/dmu_ot/ >> >> Which of these marked as FALSE can be and should be *TRUE* ? > > I''m wondering if the DMU_OT_SPA_HISTORY object should be encrypted to > "hide" (whatever the proper security word is) the command history.No. The goal as I understand it is to protect data inside a dataset. Administrative policies (eg, dataset names, properties) are not protected by design. The history just exposes these policies via a different means. --matt