ZFS-Native Encryption

From OpenZFS
Jump to navigation Jump to search

Tom Caputi of Datto will give a talk on ZFS-Native Encryption at the OpenZFS Developer Summit 2016, covering the following:

  1. A brief intro to how modern symmetric encryption algorithms work (mostly so that people understand the parameters required for encryption)
  2. A brief explanation of the ICP and what work was required to make it relatively portable
  3. An explanation of what changes were made to ZFS, including implementation details regarding:
    1. The new DSL Keychain (in user memory, in kernel memory, and on disk)
    2. The way the DSL keychain hooks into the existing DSL code (with regards to create, clone, destroy and "owning" operations)
    3. What data is encrypted and what is left in the clear
    4. The changes made to the ZIO layer for data kept in the primary pool storage
    5. Encrypted ZIL blocks
    6. Encrypted L2ARC data
  4. Future extensions and challenges
    1. Encrypted send (with regards to the current compressed send work)
    2. Support for more encryption algorithms
    3. Support for more keysources / locations