
I’ve provided a script below to make it easier. So on boot, you unlock the disks first, then import your zpools. The only gotcha is you can’t have your zpools mount on boot – which makes sense because if you’re using encryption you want to be able to unlock them first before they are usable. With this setup, the mapper devices that are created via the LUKS unlocking/opening process are simply presented as block devices that can then be leveraged by ZFS. The setup goes like this: ZFS Filesystem <-top LUKS is relatively new to the disk encryption space but is considered mature. My solution was to use the Linux Unified Key Setup (LUKS) to encrypt the raw devices underneath ZFS. Luckily ZFS on Linux is now ready for prime-time! Unfortunately, ZFS on Linux is a few versions behind the official Oracle ZFS, just like all other third-party implementations of ZFS, and does not support native encryption through the filesystem. I had grown to love ZFS on OpenIndiana and didn’t want to lose its features.
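The unlock-then-import order described above, as an added sketch (this is not the author's script, which is not reproduced on this page). The device paths, the pool name `tank`, the `luks-` mapper prefix and the `RUN` dry-run switch are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: open each LUKS container, then import the ZFS pool that
# sits on the resulting /dev/mapper devices. Not the original post's script.
# Placeholder devices and pool name (constructed); override via environment.
DEVICES="${DEVICES:-/dev/disk/by-id/EXAMPLE-DISK-1 /dev/disk/by-id/EXAMPLE-DISK-2}"
POOL="${POOL:-tank}"
# Dry run by default: commands are printed, not executed.
# Run as root with RUN= (empty) to execute them for real.
RUN="${RUN-echo}"

# Derive a stable mapper name from the device path.
mapper_name() {
    printf 'luks-%s\n' "$(basename "$1")"
}

# Open every container; cryptsetup prompts for the passphrase itself.
# Stops at the first failure so a partial set of disks is never imported.
unlock_all() {
    for dev in $DEVICES; do
        name=$(mapper_name "$dev")
        if [ -e "/dev/mapper/$name" ]; then
            echo "# $name already open, skipping"
            continue
        fi
        $RUN cryptsetup open --type luks "$dev" "$name" || return 1
    done
}

# Import only after unlocking. -d /dev/mapper limits the device search to
# the decrypted mapper devices rather than the raw encrypted disks.
import_pool() {
    $RUN zpool import -d /dev/mapper "$POOL"
}

main() {
    unlock_all && import_pool
}

main
```

Because the pool is imported by hand after unlocking, it must not be set up to import or mount automatically at boot, as the post notes.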

I chose to migrate from the Solaris-based OpenIndiana to Ubuntu. (Of course, always keep an off-site backup for the really important stuff!) With so much personal information like financial data and pictures stored on the computer, it could be a major mess to recover from theft of your computer.

You never know if someone is going to break into your house and steal your computer. To me, encryption of data at rest is just as important as encryption of data in transit. Be sure you know your way around Linux and what you’re getting into before attempting!

WARNING: if you do this wrong or don’t understand the concepts, you risk losing your data.
