Newbie to Encryption
Posted: Mon Oct 24, 2022 12:05 pm
Hi all
Apologies if I'm not grasping this correctly.
On my Mac with bunch of disks attached, I can create a RAIDZ pool happily, eg:
All good. This pool immediately mounts in the Finder at /Volumes/MyRAID
As the man page says:
All good.
But if I want to use native encryption, it seems that I can't encrypt the root filesystem in a pool (/), only a dataset subsequently created
Have I understood that correctly?
So if I create a dataset (filesystem) called Encrypted in the pool it appears as a folder in the mounted pool and ALSO is mounted at /Volumes/MyRAID/Encrypted
That's fine, but call me fussy, how do I get ONLY the Encrypted filesystem to appear in the Finder without the container pool showing as well?
Apologies if I'm not grasping this correctly.
On my Mac with bunch of disks attached, I can create a RAIDZ pool happily, eg:
- Code: Select all
zpool create -f -o ashift=12 -O casesensitivity=insensitive -O normalization=formD MyRAID raidz /dev/disk2 /dev/disk3 /dev/disk4 /dev/disk5
All good. This pool immediately mounts in the Finder at /Volumes/MyRAID
As the man page says:
The root of the pool can be accessed as a file system, such as mounting and unmounting, taking snapshots, and setting properties.
All good.
But if I want to use native encryption, it seems that I can't encrypt the root filesystem in a pool (/), only a dataset subsequently created
- Code: Select all
zpool set feature@encryption=enabled MyRAID
zfs create -o encryption=on -o keylocation=prompt -o keyformat=passphrase MyRAID/Encrypted
Have I understood that correctly?
So if I create a dataset (filesystem) called Encrypted in the pool it appears as a folder in the mounted pool and ALSO is mounted at /Volumes/MyRAID/Encrypted
That's fine, but call me fussy, how do I get ONLY the Encrypted filesystem to appear in the Finder without the container pool showing as well?