OpenSolaris

1. Project: ZFS on disk encryption support
   1. Announcements
   2. Blogs
   3. Discussions
   4. Leaders
   5. Observers
   6. Files
   7. Phase 1
      1. IV Generation
      2. Encryption Cipher Modes
      3. Using KCF
      4. Encryption by DMU Object Type
      5. Phase 1 Alpha Release Notes
      6. libzfs API additions
      7. CLI
      8. L2ARC Encryption
      9. Test Plan
      10. Test Assertions
   8. Project Plan
   9. Design Review
   10. Phase 1 Codereview

Project Name: ZFS Encrypted Datasets PSARC 2007/261

Project Summary:

This project will provide on disk encryption/decryption support for ZFS datasets. The project will cover the addition of encryption and decryption to the ZFS IO pipeline and the key management for ZFS datasets.

It will deliver in multiple phases to support different key management strategies including one which provides support for secure deletion based on encrypted datasets.

Phase deliverables:

Phase 1

• Per dataset policy for enabling encryption, including algorithm and key length.
• Per dataset keys wrapped by single per pool key
• Pool key from passphrase using PKCS#5 PBE
• Pool key stored in PKCS#11 token
• Zone / TX Label key management delegation (dataset keys only)
• Per user key management (dataset keys only)
• Secure Deletion (by delete & pool key change)

Dependences:

Any bug marked with the zfs-crypto keyword is a dependency.

Bugs marked zfs-crypto

Phase 1 High Level Schedule:

Milestone	Start	Complete
Proof Concept	Available	Completed
Alpha Release	Q3CY07	Released
Available on OpenSolaris	Q2CY08