Editing Encryption
Latest revision | Your text | ||
Line 1: | Line 1: | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Core Storage (File Vault 2) == | == Core Storage (File Vault 2) == | ||
− | Although the upstream OpenZFS project lists [http://open-zfs.org/wiki/Projects#Platform_agnostic_encryption_support platform-agnostic encryption support] at the ZFS dataset level as a possible future enhancement, OS X already offers | + | Although the upstream OpenZFS project lists [http://open-zfs.org/wiki/Projects#Platform_agnostic_encryption_support platform-agnostic encryption support] at the ZFS dataset level as a possible future enhancement, OS X already offers FileVault 2, which provides AES-XTS encryption at the block level as part of Core Storage volume management. |
This is the OS X analogue of the following block-level encryption systems on other operating systems that support ZFS: | This is the OS X analogue of the following block-level encryption systems on other operating systems that support ZFS: | ||
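Review bot: The heading still reads "File Vault 2" while the sentence added beneath it writes "FileVault 2"; use one spelling in both places, preferably the "FileVault 2" form used in the body. The 27 removed lines at the top of this hunk appear empty in this comparison, so check the page history to confirm what content the undo drops before saving.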
Line 40: | Line 13: | ||
=== Caveats === | === Caveats === | ||
− | + | As noted in the article [[suppressing the annoying pop-up]], you will receive a pop-up claiming the disk isn't readable by this computer. | |
+ | This leads to one step that can be confusing: when unlocking the disk (e.g., on startup), the "bug" will make OS X believe the disk wasn't unlocked, and thus "wiggle," presenting the prompt again. | ||
Assuming you entered your password correctly, the encrypted volume should now be unlocked, despite the misleading wiggle, and you can safely close the dialog box by clicking "Cancel." You'll know for sure the volume is unlocked when you proceed to import your pool, or you can check directly by looking for <code>Encryption Status: Unlocked</code> in the output of <code>diskutil coreStorage list</code>. | Assuming you entered your password correctly, the encrypted volume should now be unlocked, despite the misleading wiggle, and you can safely close the dialog box by clicking "Cancel." You'll know for sure the volume is unlocked when you proceed to import your pool, or you can check directly by looking for <code>Encryption Status: Unlocked</code> in the output of <code>diskutil coreStorage list</code>. | ||
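Review bot: In the added sentence that begins "This leads to one step that can be confusing", the "bug" in quotation marks is never identified; say outright that it is the unreadable-disk pop-up from the preceding sentence. The paragraph then tells the reader to click "Cancel" on the assumption that the password was correct, so consider putting the "Encryption Status: Unlocked" check from "diskutil coreStorage list" first, so that the reader verifies the unlock rather than assuming it.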
Line 78: | Line 52: | ||
Next, we encrypt the logical volume, our Core Storage disk, disk2: | Next, we encrypt the logical volume, our Core Storage disk, disk2: | ||
− | |||
− | |||
# diskutil coreStorage encryptVolume /dev/disk2 | # diskutil coreStorage encryptVolume /dev/disk2 | ||
Line 93: | Line 65: | ||
This can and will take a while to complete. You can check the status by issuing: | This can and will take a while to complete. You can check the status by issuing: | ||
− | # diskutil coreStorage list | grep Conversion | + | # diskutil coreStorage list | grep "Conversion Progress" |
Until it's done: | Until it's done: | ||
− | |||
Conversion Progress: -none- | Conversion Progress: -none- | ||
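Review bot: With the blank line after "Until it's done:" removed, the sample line "Conversion Progress: -none-" reads as the output shown while conversion is still running; state in words whether "-none-" means in progress or finished. The narrower pattern "Conversion Progress" also drops any other lines that the earlier "grep Conversion" matched, so note that in the text if those lines were useful for judging completion.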
Line 136: | Line 107: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | |||
=== Reason to "use latest" === | === Reason to "use latest" === | ||
Line 175: | Line 145: | ||
Core Storage. | Core Storage. | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | === Time Machine backups === | ||
+ | As a follow-up, here's one approach to using ZFS for your Time Machine Backups: | ||
+ | |||
+ | While it has been discussed in heated arguments (e.g., https://github.com/openzfsonosx/zfs/issues/66) I still believe there's at least one ZFS feature I'd like to test with Time Machine: compression. | ||
+ | |||
+ | The hypothesis being: | ||
+ | an HFS+ sparsebundle stored on a compressed (gzip, lz4), deduped dataset should | ||
+ | yield a compression ratio > 1.0. | ||
+ | (previously observed 1.4 with compression=on, dedup=off, FreeBSD network Time Machine drives). | ||
+ | |||
+ | To work around compatible disks for Time Machine, we create an HFS+ sparsebundle, store it on ZFS, and set the mounted image as a backup destination – no "TMShowUnsupportedNetworkVolumes" needed. | ||
+ | |||
+ | 1. Create, and mount, a sparsebundle from your ZFS filesystem (e.g., with makeImage.sh). | ||
+ | |||
+ | 2. Set your sparsebundle as the (active) backup destination # tmutil setdestination -a /Volumes/Time\ Machine\ Backups |
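Review bot: The new Time Machine section is added to the Encryption page, but steps 1 and 2 never say whether the sparsebundle, or the dataset that holds it, sits on the FileVault 2 encrypted Core Storage volume described above; state that explicitly so readers know whether their backups are encrypted at rest. In step 2 the command "# tmutil setdestination -a /Volumes/Time\ Machine\ Backups" is run onto the end of the sentence and should go on its own preformatted line like the diskutil commands earlier on the page. The hypothesis names a "deduped dataset" while the cited earlier observation was with dedup=off, and makeImage.sh is referenced without a link or listing; either align the wording or mark dedup as untested, and point to where the script can be found.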