Go to file
Tom Caputi b525630342 Native Encryption for ZFS on Linux
This change incorporates three major pieces:

The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.

The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.

The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.

Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494 
Closes #5769
2017-08-14 10:36:48 -07:00
.github Provide links to info about ZFS Buildbot options 2017-06-15 17:52:18 -07:00
cmd Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
config Fix autoconf detection of super_setup_bdi_name 2017-07-25 10:30:20 -07:00
contrib dracut: Install commands required for vdev_id 2017-08-04 11:14:48 -07:00
etc zpool iostat/status -c improvements 2017-06-05 10:52:15 -07:00
include Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
lib Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
man Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
module Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
rpm Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
scripts Add libtpool (thread pools) 2017-08-09 15:31:08 -07:00
tests Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
udev Fix spelling 2017-01-03 11:31:18 -06:00
.gitignore Improve gitignore 2017-05-25 10:14:13 -07:00
.gitmodules Add zimport.sh compatibility test script 2014-02-21 12:10:31 -08:00
AUTHORS Add a missing > to AUTHORS 2014-09-02 14:18:53 -07:00
autogen.sh build: do not call boilerplate ourself 2013-04-02 10:55:20 -07:00
configure.ac Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
copy-builtin Allow c99 when building ZFS in the kernel tree 2017-03-27 12:31:15 -07:00
COPYRIGHT Update ZED copyright boilerplate 2015-05-11 15:07:00 -07:00
DISCLAIMER Fix minor typos and update marketing copy. 2013-03-21 12:51:06 -07:00
Makefile.am Prebaked scripts for zpool status/iostat -c 2017-04-21 09:27:04 -07:00
META Tag zfs-0.7.0 2017-07-26 10:13:25 -07:00
OPENSOLARIS.LICENSE Add CDDL license file 2008-12-01 14:49:34 -08:00
README.markdown Add CONTRIBUTING information and templates 2016-12-09 12:48:12 -07:00
TEST Retire filebench testing 2017-06-01 06:24:28 -07:00
zfs-script-config.sh.in zpool iostat/status -c improvements 2017-06-05 10:52:15 -07:00
zfs.release.in Move zfs.release generation to configure step 2012-07-12 12:22:51 -07:00

ZFS is an advanced file system and volume manager which was originally developed for Solaris and is now maintained by the Illumos community.

ZFS on Linux, which is also known as ZoL, is currently feature complete. It includes fully functional and stable SPA, DMU, ZVOL, and ZPL layers. And it's native!

Official Resources

Installation

Full documentation for installing ZoL on your favorite Linux distribution can be found at our site.

Contribute & Develop

We have a separate document with contribution guidelines.