| View previous topic :: View next topic |
| Author |
Message |
crocket
Guru
Joined: 29 Apr 2017
Posts: 558
|
 Posted: Sat Nov 20, 2021 7:53 am Post subject: How can I create a root zfs mirror on top of LUKS? |
 |
|
Is there any guide?
Ideally, I don't want to use a keyfile, and I want to enter the password only once. |
|
| Back to top |
|
 |
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3879
|
|
| Back to top |
|
|
Juippisi
Developer
Joined: 30 Sep 2005
Posts: 724
Location: /home
|
| Posted: Sun Nov 21, 2021 7:11 am Post subject: |
|
|
zfs has its own encryption built-in, you don't need to involve luks.
Here's how I do it:
passphrase to open zfs partition, which holds keyfile to open any HDDs. So, password is only entered once, then HDD-luks partitions gets mounted automatically via /etc/conf.d/dmcrypt
(Note that my zfs-encrypted-mirror is only on /home, not on / but I'd imagine it should still work) |
|
| Back to top |
|
|
crocket
Guru
Joined: 29 Apr 2017
Posts: 558
|
| Posted: Wed Nov 24, 2021 4:49 am Post subject: |
|
|
| Juippisi wrote: | zfs has its own encryption built-in, you don't need to involve luks.
Here's how I do it:
passphrase to open zfs partition, which holds keyfile to open any HDDs. So, password is only entered once, then HDD-luks partitions gets mounted automatically via /etc/conf.d/dmcrypt
(Note that my zfs-encrypted-mirror is only on /home, not on / but I'd imagine it should still work) |
I also discovered zfs native encryption and prefer it to LUKS.
The problem is that a zfs dataset can't contain multiple keys and I don't know a way to open all encrypted zfs datasets by entering a password once.
There are an encrypted root zfs dataset and another encrypted zfs dataset that belongs to another zfs pool. |
|
| Back to top |
|
|
|
Networking & Security
