Newbie to Encryption


Post by JohnP » Mon Oct 24, 2022 12:05 pm

Hi all
Apologies if I'm not grasping this correctly.

On my Mac with a bunch of disks attached, I can create a RAIDZ pool happily, e.g.:
Code:
zpool create -f -o ashift=12 -O casesensitivity=insensitive -O normalization=formD MyRAID raidz /dev/disk2 /dev/disk3 /dev/disk4 /dev/disk5

All good. This pool immediately mounts in the Finder at /Volumes/MyRAID
As the man page says:
The root of the pool can be accessed as a file system, such as mounting and unmounting, taking snapshots, and setting properties.

All good.

But if I want to use native encryption, it seems that I can't encrypt the root filesystem in a pool (/), only a dataset subsequently created
Code:
zpool set feature@encryption=enabled MyRAID
zfs create -o encryption=on -o keylocation=prompt -o keyformat=passphrase MyRAID/Encrypted


Have I understood that correctly?
So if I create a dataset (filesystem) called Encrypted in the pool, it appears as a folder in the mounted pool and ALSO is mounted at /Volumes/MyRAID/Encrypted.
That's fine, but call me fussy, how do I get ONLY the Encrypted filesystem to appear in the Finder without the container pool showing as well?
JohnP
 
Posts: 5
Joined: Tue Sep 16, 2014 5:25 pm

Re: Newbie to Encryption

Post by srirangav » Mon Oct 24, 2022 1:37 pm

Hi,

I've had this (minor) annoyance for some time and haven't been able to figure out a solution. My workaround was to create my encrypted zfs data sets with com.apple.browse=off so that only the main zpool shows up in the Finder:

Code:
$ sudo zfs create -o com.apple.browse=off -o com.apple.mimic_hfs=on -o encryption=on -o keylocation=prompt -o keyformat=passphrase [dataset]


HTH,

-ranga
srirangav
 
Posts: 6
Joined: Tue Aug 10, 2021 3:46 pm

Re: Newbie to Encryption

Post by lundman » Mon Oct 24, 2022 4:13 pm

zpool takes -o for pool option, and -O for dataset options.
zfs takes -o for dataset options.

So zfs create -o encryption. would become zpool create -O encryption.

i.e.,

zpool create -f -o ashift=12 -O casesensitivity=insensitive -O normalization=formD -O encryption=aes-256-ccm -O keyformat=passphrase MyRAID raidz /dev/disk2 /dev/disk3 /dev/disk4 /dev/disk5
lundman
 
Posts: 1335
Joined: Thu Mar 06, 2014 2:05 pm
Location: Tokyo, Japan
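
An added example, not part of any post in this thread: a shell check that reads `zfs get` output and reports which datasets are encrypted and which are stored in the clear, for the two layouts discussed above (encrypted child only, versus an encrypted pool root via `zpool create -O`). The sample output, the `MyRAID/Docs` dataset and the function names are constructed for illustration.

```shell
#!/bin/sh
# Input format (tab-separated name, property, value), as produced by:
#   zfs get -r -H -o name,property,value -t filesystem,volume \
#       encryption,encryptionroot,keystatus MyRAID

# Constructed sample: unencrypted pool root, child made with
# "zfs create -o encryption=on" (layout from the first post).
sample_child_only() {
  printf 'MyRAID\tencryption\toff\n'
  printf 'MyRAID\tencryptionroot\t-\n'
  printf 'MyRAID\tkeystatus\t-\n'
  printf 'MyRAID/Encrypted\tencryption\taes-256-gcm\n'
  printf 'MyRAID/Encrypted\tencryptionroot\tMyRAID/Encrypted\n'
  printf 'MyRAID/Encrypted\tkeystatus\tavailable\n'
}

# Constructed sample: pool made with "zpool create -O encryption=aes-256-ccm";
# the hypothetical child MyRAID/Docs inherits from the root.
sample_root_encrypted() {
  printf 'MyRAID\tencryption\taes-256-ccm\n'
  printf 'MyRAID\tencryptionroot\tMyRAID\n'
  printf 'MyRAID\tkeystatus\tavailable\n'
  printf 'MyRAID/Docs\tencryption\taes-256-ccm\n'
  printf 'MyRAID/Docs\tencryptionroot\tMyRAID\n'
  printf 'MyRAID/Docs\tkeystatus\tavailable\n'
}

# One line per dataset: name, cipher, encryption root, key status.
encryption_report() {
  awk -F '\t' '
    !($1 in seen) { seen[$1] = 1; order[++n] = $1 }
    { val[$1, $2] = $3 }
    END {
      for (i = 1; i <= n; i++) {
        d = order[i]
        printf "%s\t%s\t%s\t%s\n", d, val[d, "encryption"], \
               val[d, "encryptionroot"], val[d, "keystatus"]
      }
    }'
}

# Print datasets with encryption=off; exit status 1 if any were found.
unencrypted_datasets() {
  awk -F '\t' '$2 == "encryption" && $3 == "off" { print $1; bad = 1 }
               END { exit bad + 0 }'
}

sample_child_only | encryption_report
sample_child_only | unencrypted_datasets || echo "unencrypted datasets found"
```

On a real pool, pipe the `zfs get` command from the header comment into either function instead of the sample data.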

Re: Newbie to Encryption

Post by JohnP » Wed Oct 26, 2022 4:00 am

Fabulous. That makes sense. Thank you very much.
JohnP
 
Posts: 5
Joined: Tue Sep 16, 2014 5:25 pm

