The zfs create -o encryption command encrypts a newly created ZFS dataset ... Loads the wrapping key to unlock the encrypted dataset and datasets that ...
06.12.2020 · The locking/unlocking mechanism is but a small part of a (hopefully) vigorous, multi-layer security regimen, and one that is usually considered an edge case. On a zfs encrypted volume the protection comes if a burglar breaks into your home/office, powers off the NAS and runs away with the disks.
19.11.2021 · ZFS key auto unlock fails 100% in physical theft of the unit. It also prevents you from decrypting and mount a dataset when a specific IP is present. Using ZFS native encryption with a passphrase requires intervention to unlock on boot. For Key encryption, it will automatically unlock on boot without the need for your intervention with a script.
14.10.2021 · We add the possibility to unlock it via ssh. Then we add two types of encrypted ZFS storage: ZFS on top of LUKS and native ZFS encrypted storage …
16.02.2020 · Boot-time unlocking of ZFS encrypted datasets Note A disclaimer about the status of this document, as of January 2020: With ZoL version 0.8.1 and newer, systemd mount generators exist that can automatically take a passphase at …