ZFS Reliability of ZFS native encryption

First of all, this is not a question about ZFS-on-GELI vs. ZFS native encryption, which has been addressed many times exhaustively on this Forum. I understand the differences between the two conceptually and in terms of metadata visibility, performance, etc. I have also read Thread why-use-geli-underneath-zfs-these-days.97928, which contains some posts relevant to the topic at hand.

The background: recently, in order to guard myself better against data loss/corruption, I switched all of my home storage and backup infrastructure over from UFS-on-GELI to ZFS, with native encryption enabled for most datasets.

Unfortunately, the choice of native encryption was based on naïve enthusiasm and not altogether factually informed. In particular, I found out only afterward about the data corruption bug affecting non-raw zfs-send(8)/zfs-recv(8) that was (apparently) patched last year. Unfortunately, my backup scripts rely on this functionality for sending/receiving incremental snapshots, both locally and over the network. Nothing bad has happened, and I did patch my systems as per Security Advisory FreeBSD-EN-25:10.zfs. Yet reading further around the bug has been unnerving and brought to light, among other things, the relative lack of maturity of the ZFS native encryption code base.

Has anyone here actually had this bug rear its head under ordinary conditions, and if so, was it possible to recover from it, e.g. with a zpool-scrub(8)? Is it irrational in general to worry about this?

There must be tons of users out there who have been using ZFS native encryption at scale for years without any issues; if you are one of those people, it would be great if you could share your experience. Failing such reassurance, I am contemplating switching everything to ZFS-on-GELI. This would entail some initial pain, as I am rather locked in to native encryption at the moment, but would still be vastly preferable to risking data loss. My 2¢.
 
Don't take the silence of the forum as anything other than your thread going unnoticed for any of a billion possible reasons.

I have no direct experience, but according to my findings you are more than fine using the native encryption as long as you use the raw option of the zfs send command.

I know that I'm not precisely the kind of reassurance you are looking for, because I lack direct experience, but perhaps this comment will help to jump-start the thread (perhaps).
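As an added illustration (not code from any post in this thread) of the raw-send approach mentioned above, the sketch below picks the newest snapshot common to source and backup and composes a raw incremental replication; pool, dataset, snapshot and host names are placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread. Incremental replication of an
# encrypted dataset using a raw send (-w), so the stream carries ciphertext
# and the receiving side never needs the key. Pool, dataset, snapshot and
# host names are placeholders.
set -eu

# Print the newest snapshot name (the part after '@') present in both lists.
# Inputs are whitespace-separated snapshot names in creation order, as
# produced by: zfs list -H -o name -t snapshot -s creation <dataset>
latest_common_snapshot() {
    common=""
    for s in $1; do
        snap=${s#*@}
        for d in $2; do
            [ "${d#*@}" = "$snap" ] && common=$snap
        done
    done
    [ -n "$common" ] || return 1
    printf '%s\n' "$common"
}

# Compose the replication pipeline. -w sends raw (still encrypted) blocks,
# -i makes the stream incremental from the common snapshot, and -u keeps the
# received dataset unmounted on the backup host.
raw_incremental_cmd() {
    # $1 source dataset, $2 base snapshot, $3 new snapshot,
    # $4 ssh destination, $5 destination dataset
    printf 'zfs send -w -i %s@%s %s@%s | ssh %s zfs receive -u %s\n' \
        "$1" "$2" "$1" "$3" "$4" "$5"
}

# Constructed sample listings standing in for the two `zfs list` calls.
SRC_SNAPS="tank/home@2024-01-01 tank/home@2024-01-02 tank/home@2024-01-03"
DST_SNAPS="backup/home@2024-01-01 backup/home@2024-01-02"

main() {
    base=$(latest_common_snapshot "$SRC_SNAPS" "$DST_SNAPS")
    newest=${SRC_SNAPS##* }
    newest=${newest#*@}
    cmd=$(raw_incremental_cmd tank/home "$base" "$newest" backup.example backup/home)
    echo "$cmd"    # against a real pool, replace the echo with: eval "$cmd"
}

main "$@"
```

Once a target dataset has been received from a raw stream, every later incremental into it must be raw as well; OpenZFS refuses to mix raw and non-raw streams into the same dataset.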
 
There must be tons of users out there who have been using ZFS native encryption at scale for years without any issues; if you are one of those people, it would be great if you could share your experience. Failing such reassurance, I am contemplating switching everything to ZFS-on-GELI. This would entail some initial pain, as I am rather locked in to native encryption at the moment, but would still be vastly preferable to risking data loss. My 2¢.

I don't think there are a ton of users of ZFS encryption. It is a rather new feature, and most install scripts (both FreeBSD and Linux) use an encrypted block layer under ZFS when asked to encrypt. ZFS native encryption has, to my knowledge, not received a serious review by security researchers, which can make it less attractive than e.g. cryptsetup on Linux.

I would say it is too late to switch to ZFS on GELI because of that bug that is now fixed.
 
Thanks to both of you for your replies, even if they do not entirely alleviate the concerns expressed above. As stated by cracauer@, the default installer option being ZFS over GELI is a weighty argument. Certainly enough to think about for the time being.
 