mirror of
				https://git.proxmox.com/git/mirror_zfs
				synced 2025-10-26 11:02:35 +00:00 
			
		
		
		
	 1d3ba0bf01
			
		
	
	
		1d3ba0bf01
		
			
		
	
	
	
	
		
			
			The commit replaces all findings of the link: http://www.opensolaris.org/os/licensing with this one: https://opensource.org/licenses/CDDL-1.0 Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Tino Reichardt <milky-zfs@mcmilk.de> Closes #13619
		
			
				
	
	
		
			302 lines
		
	
	
		
			9.3 KiB
		
	
	
	
		
			Groff
		
	
	
	
	
	
			
		
		
	
	
			302 lines
		
	
	
		
			9.3 KiB
		
	
	
	
		
			Groff
		
	
	
	
	
	
| .\"
 | |
| .\" CDDL HEADER START
 | |
| .\"
 | |
| .\" The contents of this file are subject to the terms of the
 | |
| .\" Common Development and Distribution License (the "License").
 | |
| .\" You may not use this file except in compliance with the License.
 | |
| .\"
 | |
| .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 | |
| .\" or https://opensource.org/licenses/CDDL-1.0.
 | |
| .\" See the License for the specific language governing permissions
 | |
| .\" and limitations under the License.
 | |
| .\"
 | |
| .\" When distributing Covered Code, include this CDDL HEADER in each
 | |
| .\" file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 | |
| .\" If applicable, add the following below this CDDL HEADER, with the
 | |
| .\" fields enclosed by brackets "[]" replaced with your own identifying
 | |
| .\" information: Portions Copyright [yyyy] [name of copyright owner]
 | |
| .\"
 | |
| .\" CDDL HEADER END
 | |
| .\"
 | |
| .\" Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved.
 | |
| .\" Copyright 2011 Joshua M. Clulow <josh@sysmgr.org>
 | |
| .\" Copyright (c) 2011, 2019 by Delphix. All rights reserved.
 | |
| .\" Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
 | |
| .\" Copyright (c) 2014, Joyent, Inc. All rights reserved.
 | |
| .\" Copyright (c) 2014 by Adam Stevko. All rights reserved.
 | |
| .\" Copyright (c) 2014 Integros [integros.com]
 | |
| .\" Copyright 2019 Richard Laager. All rights reserved.
 | |
| .\" Copyright 2018 Nexenta Systems, Inc.
 | |
| .\" Copyright 2019 Joyent, Inc.
 | |
| .\"
 | |
| .Dd January 13, 2020
 | |
| .Dt ZFS-LOAD-KEY 8
 | |
| .Os
 | |
| .
 | |
| .Sh NAME
 | |
| .Nm zfs-load-key
 | |
| .Nd load, unload, or change encryption key of ZFS dataset
 | |
| .Sh SYNOPSIS
 | |
| .Nm zfs
 | |
| .Cm load-key
 | |
| .Op Fl nr
 | |
| .Op Fl L Ar keylocation
 | |
| .Fl a Ns | Ns Ar filesystem
 | |
| .Nm zfs
 | |
| .Cm unload-key
 | |
| .Op Fl r
 | |
| .Fl a Ns | Ns Ar filesystem
 | |
| .Nm zfs
 | |
| .Cm change-key
 | |
| .Op Fl l
 | |
| .Op Fl o Ar keylocation Ns = Ns Ar value
 | |
| .Op Fl o Ar keyformat Ns = Ns Ar value
 | |
| .Op Fl o Ar pbkdf2iters Ns = Ns Ar value
 | |
| .Ar filesystem
 | |
| .Nm zfs
 | |
| .Cm change-key
 | |
| .Fl i
 | |
| .Op Fl l
 | |
| .Ar filesystem
 | |
| .
 | |
| .Sh DESCRIPTION
 | |
| .Bl -tag -width ""
 | |
| .It Xo
 | |
| .Nm zfs
 | |
| .Cm load-key
 | |
| .Op Fl nr
 | |
| .Op Fl L Ar keylocation
 | |
| .Fl a Ns | Ns Ar filesystem
 | |
| .Xc
 | |
| Load the key for
 | |
| .Ar filesystem ,
 | |
| allowing it and all children that inherit the
 | |
| .Sy keylocation
 | |
| property to be accessed.
 | |
| The key will be expected in the format specified by the
 | |
| .Sy keyformat
 | |
| and location specified by the
 | |
| .Sy keylocation
 | |
| property.
 | |
| Note that if the
 | |
| .Sy keylocation
 | |
| is set to
 | |
| .Sy prompt
 | |
| the terminal will interactively wait for the key to be entered.
 | |
| Loading a key will not automatically mount the dataset.
 | |
| If that functionality is desired,
 | |
| .Nm zfs Cm mount Fl l
 | |
| will ask for the key and mount the dataset
 | |
| .Po
 | |
| see
 | |
| .Xr zfs-mount 8
 | |
| .Pc .
 | |
| Once the key is loaded the
 | |
| .Sy keystatus
 | |
| property will become
 | |
| .Sy available .
 | |
| .Bl -tag -width "-r"
 | |
| .It Fl r
 | |
| Recursively loads the keys for the specified filesystem and all descendent
 | |
| encryption roots.
 | |
| .It Fl a
 | |
| Loads the keys for all encryption roots in all imported pools.
 | |
| .It Fl n
 | |
| Do a dry-run
 | |
| .Pq Qq No-op
 | |
| .Cm load-key .
 | |
| This will cause
 | |
| .Nm zfs
 | |
| to simply check that the provided key is correct.
 | |
| This command may be run even if the key is already loaded.
 | |
| .It Fl L Ar keylocation
 | |
| Use
 | |
| .Ar keylocation
 | |
| instead of the
 | |
| .Sy keylocation
 | |
| property.
 | |
| This will not change the value of the property on the dataset.
 | |
| Note that if used with either
 | |
| .Fl r
 | |
| or
 | |
| .Fl a ,
 | |
| .Ar keylocation
 | |
| may only be given as
 | |
| .Sy prompt .
 | |
| .El
 | |
| .It Xo
 | |
| .Nm zfs
 | |
| .Cm unload-key
 | |
| .Op Fl r
 | |
| .Fl a Ns | Ns Ar filesystem
 | |
| .Xc
 | |
| Unloads a key from ZFS, removing the ability to access the dataset and all of
 | |
| its children that inherit the
 | |
| .Sy keylocation
 | |
| property.
 | |
| This requires that the dataset is not currently open or mounted.
 | |
| Once the key is unloaded the
 | |
| .Sy keystatus
 | |
| property will become
 | |
| .Sy unavailable .
 | |
| .Bl -tag -width "-r"
 | |
| .It Fl r
 | |
| Recursively unloads the keys for the specified filesystem and all descendent
 | |
| encryption roots.
 | |
| .It Fl a
 | |
| Unloads the keys for all encryption roots in all imported pools.
 | |
| .El
 | |
| .It Xo
 | |
| .Nm zfs
 | |
| .Cm change-key
 | |
| .Op Fl l
 | |
| .Op Fl o Ar keylocation Ns = Ns Ar value
 | |
| .Op Fl o Ar keyformat Ns = Ns Ar value
 | |
| .Op Fl o Ar pbkdf2iters Ns = Ns Ar value
 | |
| .Ar filesystem
 | |
| .Xc
 | |
| .It Xo
 | |
| .Nm zfs
 | |
| .Cm change-key
 | |
| .Fl i
 | |
| .Op Fl l
 | |
| .Ar filesystem
 | |
| .Xc
 | |
| Changes the user's key (e.g. a passphrase) used to access a dataset.
 | |
| This command requires that the existing key for the dataset is already loaded.
 | |
| This command may also be used to change the
 | |
| .Sy keylocation ,
 | |
| .Sy keyformat ,
 | |
| and
 | |
| .Sy pbkdf2iters
 | |
| properties as needed.
 | |
| If the dataset was not previously an encryption root it will become one.
 | |
| Alternatively, the
 | |
| .Fl i
 | |
| flag may be provided to cause an encryption root to inherit the parent's key
 | |
| instead.
 | |
| .Pp
 | |
| If the user's key is compromised,
 | |
| .Nm zfs Cm change-key
 | |
| does not necessarily protect existing or newly-written data from attack.
 | |
| Newly-written data will continue to be encrypted with the same master key as
 | |
| the existing data.
 | |
| The master key is compromised if an attacker obtains a
 | |
| user key and the corresponding wrapped master key.
 | |
| Currently,
 | |
| .Nm zfs Cm change-key
 | |
| does not overwrite the previous wrapped master key on disk, so it is
 | |
| accessible via forensic analysis for an indeterminate length of time.
 | |
| .Pp
 | |
| In the event of a master key compromise, ideally the drives should be securely
 | |
| erased to remove all the old data (which is readable using the compromised
 | |
| master key), a new pool created, and the data copied back.
 | |
| This can be approximated in place by creating new datasets, copying the data
 | |
| .Pq e.g. using Nm zfs Cm send | Nm zfs Cm recv ,
 | |
| and then clearing the free space with
 | |
| .Nm zpool Cm trim Fl -secure
 | |
| if supported by your hardware, otherwise
 | |
| .Nm zpool Cm initialize .
 | |
| .Bl -tag -width "-r"
 | |
| .It Fl l
 | |
| Ensures the key is loaded before attempting to change the key.
 | |
| This is effectively equivalent to running
 | |
| .Nm zfs Cm load-key Ar filesystem ; Nm zfs Cm change-key Ar filesystem
 | |
| .It Fl o Ar property Ns = Ns Ar value
 | |
| Allows the user to set encryption key properties
 | |
| .Pq Sy keyformat , keylocation , No and Sy pbkdf2iters
 | |
| while changing the key.
 | |
| This is the only way to alter
 | |
| .Sy keyformat
 | |
| and
 | |
| .Sy pbkdf2iters
 | |
| after the dataset has been created.
 | |
| .It Fl i
 | |
| Indicates that zfs should make
 | |
| .Ar filesystem
 | |
| inherit the key of its parent.
 | |
| Note that this command can only be run on an encryption root
 | |
| that has an encrypted parent.
 | |
| .El
 | |
| .El
 | |
| .Ss Encryption
 | |
| Enabling the
 | |
| .Sy encryption
 | |
| feature allows for the creation of encrypted filesystems and volumes.
 | |
| ZFS will encrypt file and volume data, file attributes, ACLs, permission bits,
 | |
| directory listings, FUID mappings, and
 | |
| .Sy userused Ns / Ns Sy groupused
 | |
| data.
 | |
| ZFS will not encrypt metadata related to the pool structure, including
 | |
| dataset and snapshot names, dataset hierarchy, properties, file size, file
 | |
| holes, and deduplication tables (though the deduplicated data itself is
 | |
| encrypted).
 | |
| .Pp
 | |
| Key rotation is managed by ZFS.
 | |
| Changing the user's key (e.g. a passphrase)
 | |
| does not require re-encrypting the entire dataset.
 | |
| Datasets can be scrubbed,
 | |
| resilvered, renamed, and deleted without the encryption keys being loaded (see the
 | |
| .Cm load-key
 | |
| subcommand for more info on key loading).
 | |
| .Pp
 | |
| Creating an encrypted dataset requires specifying the
 | |
| .Sy encryption No and Sy keyformat
 | |
| properties at creation time, along with an optional
 | |
| .Sy keylocation No and Sy pbkdf2iters .
 | |
| After entering an encryption key, the
 | |
| created dataset will become an encryption root.
 | |
| Any descendant datasets will
 | |
| inherit their encryption key from the encryption root by default, meaning that
 | |
| loading, unloading, or changing the key for the encryption root will implicitly
 | |
| do the same for all inheriting datasets.
 | |
| If this inheritance is not desired, simply supply a
 | |
| .Sy keyformat
 | |
| when creating the child dataset or use
 | |
| .Nm zfs Cm change-key
 | |
| to break an existing relationship, creating a new encryption root on the child.
 | |
| Note that the child's
 | |
| .Sy keyformat
 | |
| may match that of the parent while still creating a new encryption root, and
 | |
| that changing the
 | |
| .Sy encryption
 | |
| property alone does not create a new encryption root; this would simply use a
 | |
| different cipher suite with the same key as its encryption root.
 | |
| The one exception is that clones will always use their origin's encryption key.
 | |
| As a result of this exception, some encryption-related properties
 | |
| .Pq namely Sy keystatus , keyformat ,  keylocation , No and Sy pbkdf2iters
 | |
| do not inherit like other ZFS properties and instead use the value determined
 | |
| by their encryption root.
 | |
| Encryption root inheritance can be tracked via the read-only
 | |
| .Sy encryptionroot
 | |
| property.
 | |
| .Pp
 | |
| Encryption changes the behavior of a few ZFS
 | |
| operations.
 | |
| Encryption is applied after compression so compression ratios are preserved.
 | |
| Normally checksums in ZFS are 256 bits long, but for encrypted data
 | |
| the checksum is 128 bits of the user-chosen checksum and 128 bits of MAC from
 | |
| the encryption suite, which provides additional protection against maliciously
 | |
| altered data.
 | |
| Deduplication is still possible with encryption enabled but for security,
 | |
| datasets will only deduplicate against themselves, their snapshots,
 | |
| and their clones.
 | |
| .Pp
 | |
| There are a few limitations on encrypted datasets.
 | |
| Encrypted data cannot be embedded via the
 | |
| .Sy embedded_data
 | |
| feature.
 | |
| Encrypted datasets may not have
 | |
| .Sy copies Ns = Ns Em 3
 | |
| since the implementation stores some encryption metadata where the third copy
 | |
| would normally be.
 | |
| Since compression is applied before encryption, datasets may
 | |
| be vulnerable to a CRIME-like attack if applications accessing the data allow for it.
 | |
| Deduplication with encryption will leak information about which blocks
 | |
| are equivalent in a dataset and will incur an extra CPU cost for each block written.
 | |
| .
 | |
| .Sh SEE ALSO
 | |
| .Xr zfsprops 7 ,
 | |
| .Xr zfs-create 8 ,
 | |
| .Xr zfs-set 8
 |