ZFS gains data encryption
Seven years after developers started working on ZFS, crypto functions have been added to the file system. The functions will probably be part of the forthcoming Solaris Express 2010. While no implementation details are available so far, a blog post talks about "support for encrypted ZFS datasets," which points towards an encryption of the entire file system. The ZFS crypto project's web site lists targets such as a per-dataset policy for enabling algorithms and key lengths as well as an encrypted swap area. However, the boot file system is to remain unencrypted. Details of a potential implementation can be found in an undated report entitled "Data at rest: ZFS & lofi crypto".
The technology will, for now, only be available to Oracle customers as part of Solaris and on ZFS storage systems. Other ZFS users will be able to integrate the crypto functions once the vendor has released the relevant code as open source.
See also:
- ZFS creator leaves Oracle, a report from The H.
- ZFS as a Linux kernel module, a report from The H.
- ZFS for the Linux kernel, a report from The H.
(crve)