I understand the GELI, I think. It was encrypting the pool at the disk level, and anything that was in that pool was thus encrypted when the pool or disk was detached.
With GELI (and thus 11.3 and earlier), what was really happening when you chose to create a pool with encryption, was that partitions were being created and encrypted for each physical device in the vdev (ada0p2, ada1p2, ada2p2, etc). None of the encryption is done via ZFS itself. These encrypted block devices (ada0p2, ada1p2, ada2p2, etc) are decrypted with a keyfile or passphrase upon re-importing them, which makes them available for the zpool import; and naturally there is now transparent access to the ZFS metadata and data. Without first decrypting these partitions, there would be no zpool to import since the metadata is not yet available (just a bunch of "random" garbage.)
With the new native ZFS encryption, none of that applies anymore. The block devices (e.g, physical partitions) are left as-is, used to build vdevs, which are used to create a pool, and then any such encryption is left to the end-user on a per dataset level. Importing the pools does not first require any block devices to be decrypted: you can import a zpool with native ZFS encryption on its datasets and simply "skip" the prompt when it asks if you want to unlock the datasets upon import. This means you'll have successfully imported a zpool with a bunch of locked (inaccessible) datasets. With GELI, the step that requires decrypting the block devices first is mandatory: you cannot skip this step when trying to import a zpool.
The new ZFS encryption is at a data set level and may or may not inherit from the parent?
Pretty much yes. The way it is presented in TrueNAS 12 gives you the impression that you are creating an "encrypted pool" when you first create a pool. This is not true. It is simply giving you the option to encrypt the very top-level root dataset (which shares the same name as the pool name). This does not dictate what you can and cannot do with any other child or parent datasets later on. However, if you leave the default options when creating new datasets, it will by default "inherit" its parent's encryption options: when the new dataset is created it will generate a new
Master Key for itself, inherit the
Cipher of the parent (e.g, AES GCM), inherit the
Key Width of the parent (e.g, 256-bit), inherit the
Keyfile or
Passphrase of the parent, and inherit the
Iterations of the parent.
The following
CANNOT be changed later, at any time:
- Master Key
- Cipher
- Key Width
The following
CAN be changed after the dataset's initial creation, without affecting the saved data, files, and folders, simply by unchecking the "Inherit" box for the dataset's encryption properties:
- Keyfile
- Passphrase
- Iterations
TrueNAS 12 hides some of the underlying functionality from the end-user for the sake of behaving as an appliance, rather than an operating system that is configured and tweaked as you would a distro such as Ubuntu Linux or FreeBSD. This is why certain things seem counter-intuitive. Everything is supposed to be done in the GUI, not via the terminal. While it's possible to create your own crazy zpool and dataset hierarchies that mix and nest different types of encryption (and non-encryption) all over the place, it's not recommended and strays away from a smoother workflow. You could technically "create" a new zpool with an encrypted top-level root dataset, and then create a non-encrypted dataset immediately underneath it. The state of the root dataset (locked vs unlocked) does nothing to protect the data in the nested
non-encrypted dataset. The GUI may give the impression it does, because the parent is "locked" and
intuitively we assume that whatever is nested underneath a locked parent is inaccessible. (This is not the case, as no matter how deep a child dataset is nested, if it is
not encrypted its files and folders will always be accessible in the
plain.)
My goal is just to not need to worry about what's on the disk if I need to send it in for warranty replacement or when I retire it.
There is a caveat concerning native ZFS encryption vs traditional block device encryption: what is exposed to the public. I'll give my own summary understanding comparing three common options:
Native ZFS, at rest (or powered off):
- Inaccessible
- File Data
- File Names and Properties
- Sizes of individual files (unsure about this one)
- Directory listings and structures
- Logs (if logs are saved here)
- Accessible
- Encryption Options and Hashes
- ZFS Metadata and Options
- Number of Files and Blocks (via pointers and inodes) [1]
- Dataset Names
- Snapshot Names
- Free Space
- Used Space
LUKS, at rest (or powered off):
- Inaccessible
- File Data
- File Names and Properties
- Directory listings and structures
- Sizes of individual files and folders
- Number of files and folders
- Logs (if logs are saved here)
- Free Space (can be inferred if underlying devices were not filled with random data prior to creation)
- Used Space (can be inferred if underlying devices were not filled with random data prior to creation)
- File System and metadata within
- Accessible
- Encryption Options and Hashes
VeraCrypt container, at rest (or powered off):
- Inaccessible
- File Data
- File Names and Properties
- Directory listings and structures
- Sizes of individual files and folders
- Number of files and folders
- Logs (if logs are saved here)
- Free Space (container filled with random data upon creation)
- Used Space (container filled with random data upon creation)
- File System and metadata within
- Encryption Options and Hashes
- Accessible
- Apparently nothing, just a suspicious mess of random data [2]
[1] Seems like native ZFS encryption is "leakier" than I first suspected, but it makes sense considering it requires certain information and metadata in order to send and recv, create snapshots, scrub, etc, without requiring encrypted datasets to be unlocked.
[2] Until decrypted, a VeraCrypt partition/device appears to consist of nothing more than random data (it does not contain any kind of "signature"). Therefore, it should be impossible to prove that a partition or a device is a VeraCrypt volume or that it has been encrypted.