Solved ZFS native encryption - mounted dataset is no longer labeled encrypted 😱

tanis

tanis

Hi,

I'm using ZFS native encryption and just noticed that datasets which have been encrypted when mounted are no longer labeled 'encrypted'. The following properties still show all the proper values:

Code: 
$ zfs get encryption,keyformat,keylocation zroot/data
NAME        PROPERTY    VALUE        SOURCE
zroot/data    encryption    aes-256-gcm    local
zroot/data    keyformat    passphrase    -
zroot/data    keylocation    available    -
$ mount | grep data
zroot/data on /data (zfs, local, noatime, nfsv4acls)
$

So these datasets are still encrypted, right ?😱

FreeBSD 13.1-RELEASE-p7

Regards,

tanis
 
Looks like I'm getting old, I'm pretty sure there had been a time when a ZFS dataset had been marked encrypted, but it looks like this is no longer the case, or perhaps has never been the case. 😅
 
My opinions, I've not used zfs encryption.

What if you do zfs list? Does it show encrypted there?
In theory, the mount command is not useful with ZFS datasets. In practice, it's the first thing people type.
 
tanis said:
I'm pretty sure there had been a time when a ZFS dataset had been marked encrypted, but it looks like this is no longer the case, or perhaps has never been the case.
Click to expand...

Perhaps you read the https://klarasystems.com/articles/openzfs-native-encryption/ article, where a zroot/encrypted named encrypted dataset is created and the mount | grep encrypted command returns the datasets name and mount point.
Code: 
zroot/encrypted on /zroot/encrypted (zfs, local, noatime, nfsv4acls)
 
You must log in or register to reply here.
Back
Top