
Add ZFS native encryption section to the handbook
Needs Review, Public

Authored by bcr on Fri, Jun 26, 3:30 PM.

Details

Summary

This change adds a new section describing how to use ZFS native encryption including examples to the handbook. It is based on my own training material, the open-zfs.org documentation on the subject and the corresponding man pages (zfs load-key, zfs unload-key). Then I ran my writeup through an AI for grammar, typo and active voice fixes, instructing it to not make any changes to the text itself.

Test Plan
  1. Apply the patch to the handbook
  2. View the output (new section 23.6)
  3. Comment or approve

Diff Detail

Repository: R9 FreeBSD doc repository
Lint: Skipped
Unit tests: Skipped

Event Timeline

bcr requested review of this revision. Fri, Jun 26, 3:30 PM

Update the diff with the proper full path within the doc repo.

And now in git-format-patch(1) style.

... and now with context (sorry for the churn).

This revision was not accepted when it landed; it landed in state Needs Review. Fri, Jun 26, 7:07 PM
This revision was automatically updated to reflect the committed changes.

Accidentally closed, please still review.

Add some ZFS experts for their opinion. Thanks in advance!

michaelo requested changes to this revision. Wed, Jul 1, 7:24 AM
michaelo added a subscriber: michaelo.
michaelo added inline comments.
documentation/content/en/books/handbook/zfs/_index.adoc
2669

Isn't this a contradiction to the line above if encryption applies to datasets and not pools regardless of the bootability?

2722

The title text should be uppercase: Creating an Encrypted Dataset

2753

Ditto

2793

You should either consistently write "cannot" or "can not", but do not mix.

This revision now requires changes to proceed. Wed, Jul 1, 7:24 AM

Thanks for the comments, @michaelo. I'll update the patch to reflect your suggested changes.

documentation/content/en/books/handbook/zfs/_index.adoc
2669

This is more about the loader not being able to start from an encrypted dataset. The pool may not be encrypted itself, but if the root-dataset is encrypted, FreeBSD won't be able to start.

Would it help if I rewrite it to this:

  • Booting from encrypted ZFS pools is not yet supported in FreeBSD's loader.

?

2722

Right, I'll fix this inconsistency here and below. Thanks for noticing!

2793

Good catch, I'll make sure that I fix this in the next update.

Update patch to address comments.

bcr marked 3 inline comments as done. Wed, Jul 1, 6:09 PM