Is iX aware of the discussion about warning users away from ZFS encryption?

Hi all,

I was wondering if anyone knew (or iX wanted to weigh in on) whether iX was aware of the discussion going on in this ZFS thread, and whether there were any plans to potentially add warnings or restrictions into the TrueNAS interface in light of this. I did a quick search of the forum beforehand but it doesn’t seem anyone has posted this before.

I myself run encryption and haven’t had any issues, but it sounds like at least some of them are related to trying to replicate out an unencrypted stream from an encrypted source, which I never do. Regardless, if the possibility is there for any issue I agree that a warning is certainly warranted.

Phoronix also ran this article on the issue back at the beginning of the year:

Looks like I’m okay, then.

I heard that the original developer for “native ZFS encryption” has since left the project. So it’s hard to say how confident I am in its longterm maintenance, unless there’s someone who adopted it that has an excellent understanding of its code.

So… if you unencrypted zfs send from an encrypted source dataset… and do a concurrent snapshot…, there is a chance that the source pool will show checksum errors?

Which might be fixed with a few scrubs and reboots.

Gee. That may explain some of those curious unexplained checksum errors we see.

(Bug, HW failure, Memory Error… those ones)

Maybe we need to start asking if they’re using ZFS Encryption in future.

Or maybe the ZFS encryption failure reports need to check if they’re using ECC?

3 Likes