View previous topic :: View next topic |
Author |
Message |
crocket Guru
Joined: 29 Apr 2017 Posts: 558
|
Posted: Sat Nov 20, 2021 7:53 am Post subject: How can I create a root zfs mirror on top of LUKS? |
|
|
Is there any guide?
Ideally, I don't want to use a keyfile, and I want to enter the password only once. |
|
Back to top |
|
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3879
|
|
Back to top |
|
|
Juippisi Developer
Joined: 30 Sep 2005 Posts: 724 Location: /home
|
Posted: Sun Nov 21, 2021 7:11 am Post subject: |
|
|
zfs has its own encryption built-in, you don't need to involve luks.
Here's how I do it:
passphrase to open zfs partition, which holds keyfile to open any HDDs. So, password is only entered once, then HDD-luks partitions gets mounted automatically via /etc/conf.d/dmcrypt
(Note that my zfs-encrypted-mirror is only on /home, not on / but I'd imagine it should still work) |
|
Back to top |
|
|
crocket Guru
Joined: 29 Apr 2017 Posts: 558
|
Posted: Wed Nov 24, 2021 4:49 am Post subject: |
|
|
Juippisi wrote: | zfs has its own encryption built-in, you don't need to involve luks.
Here's how I do it:
passphrase to open zfs partition, which holds keyfile to open any HDDs. So, password is only entered once, then HDD-luks partitions gets mounted automatically via /etc/conf.d/dmcrypt
(Note that my zfs-encrypted-mirror is only on /home, not on / but I'd imagine it should still work) |
I also discovered zfs native encryption and prefer it to LUKS.
The problem is that a zfs dataset can't contain multiple keys and I don't know a way to open all encrypted zfs datasets by entering a password once.
There are an encrypted root zfs dataset and another encrypted zfs dataset that belongs to another zfs pool. |
|
Back to top |
|
|
|