On boot, I see "Encryption: AES-XTS 256", is it really encrypted?

Status
Not open for further replies.

TremorAcePV

Explorer
Joined
Jun 20, 2013
Messages
88
Title^

Specifically, this:

Code:
Apr 28 09:48:30 FREENAS kernel: ZFS filesystem version: 5
Apr 28 09:48:30 FREENAS kernel: ZFS storage pool version: features support (5000)
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI: Device da0p1.eli created.
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI: Encryption: AES-XTS 256
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI:    Crypto: hardware
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI: Device da1p1.eli created.
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI: Encryption: AES-XTS 256
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI:    Crypto: hardware
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI: Device da2p1.eli created.
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI: Encryption: AES-XTS 256
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI:    Crypto: hardware
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI: Device da3p1.eli created.
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI: Encryption: AES-XTS 256
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI:    Crypto: hardware



I figure this is just due to my lack of knowledge of FreeNAS. Does it have built-in encryption regardless of whether or not I enable it?

Obviously it'd be generic encryption, but I figure it's so that only another FreeNAS system can import/mount the volumes. Rather than, say, Linux with ZFS installed.
 

aquawicket

Cadet
Joined
May 6, 2014
Messages
4
I got the same thing. FreeNAS-9.2.1.5-RELEASE-x64 (80c1d35)

If I create a ZFS or a UFS volume WITHOUT encryption enabled, I still get encryption messages.

GEOM_ELI: Device twed2p1.eli created.
GEOM_ELI: Encryption: AES-XTS 256
GEOM_ELI: Crypto: hardware
 

ser_rhaegar

Patron
Joined
Feb 2, 2014
Messages
358
AES-XTS 256 is the encryption used on the swap partitions. These are always encrypted, regardless of whether your pool is.
AES-XTS 128 is what you will see for partitions that are part of a pool.

I'm not sure why only 128 is used on partitions in a pool while 256 is used for swap, never asked.

http://doc.freenas.org/index.php/Volumes#Encryption
 

DrKK

FreeNAS Generalissimo
Joined
Oct 15, 2013
Messages
3,630
Just to be clear:

You're going to get these messages, period. Your pool is almost certainly *NOT* encrypted. Your CPU, however, supports hardware crypto, but believe me, if you were encrypting your pool, you'd know, because you'd have to decrypt it in order to mount the pool when you restarted the box.

See the manual on encryption. You can ignore these crypto messages on startup. Your pool is NOT encrypted until and unless you take the trouble to set up the whole thing.
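
An added example, not part of the original thread: one way to confirm what the replies describe is to cross-check the GEOM_ELI boot messages against `swapinfo` and `zpool status` output, so each `.eli` provider is labelled as swap or as a pool member. The `swapinfo` and `zpool status` excerpts and the `da0p2`/`da1p2` names are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed inputs: boot messages in the format quoted in the thread, plus
# made-up `swapinfo` and `zpool status` excerpts (device names are placeholders).
BOOT_LOG = """\
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI: Device da0p1.eli created.
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI: Encryption: AES-XTS 256
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI:    Crypto: hardware
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI: Device da1p1.eli created.
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI: Encryption: AES-XTS 256
Apr 28 09:48:30 FREENAS kernel: GEOM_ELI:    Crypto: hardware
"""
SWAPINFO = """\
Device          1K-blocks     Used    Avail Capacity
/dev/da0p1.eli    2097152        0  2097152     0%
/dev/da1p1.eli    2097152        0  2097152     0%
"""
ZPOOL_STATUS = """\
        NAME        STATE     READ WRITE CKSUM
        tank        ONLINE       0     0     0
          da0p2     ONLINE       0     0     0
          da1p2     ONLINE       0     0     0
"""

def parse_geli(log):
    """Group GEOM_ELI kernel lines into {provider: {cipher, bits, crypto}}."""
    devices, current = {}, None
    for line in log.splitlines():
        found = re.search(r"GEOM_ELI:\s+(.*)$", line)
        msg = found.group(1) if found else ""
        dev = re.match(r"Device (\S+) created\.", msg)
        enc = re.match(r"Encryption: (\S+) (\d+)", msg)
        cry = re.match(r"Crypto: (\S+)", msg)
        if dev:
            current = dev.group(1)
            devices[current] = {}
        elif enc and current:
            devices[current].update(cipher=enc.group(1), bits=int(enc.group(2)))
        elif cry and current:
            devices[current]["crypto"] = cry.group(1)
    return devices

def classify(log, swapinfo, zpool_status):
    """Label each .eli provider from the log as 'swap', 'pool' or 'unknown'."""
    swap = {l.split()[0].replace("/dev/", "", 1) for l in swapinfo.splitlines()[1:] if l.split()}
    vdevs = {l.split()[0] for l in zpool_status.splitlines() if l.split()}
    return {d: "swap" if d in swap else "pool" if d in vdevs else "unknown"
            for d in parse_geli(log)}
```

With the sample data, `classify(BOOT_LOG, SWAPINFO, ZPOOL_STATUS)` labels both providers as swap and none of the pool's vdevs carries an `.eli` suffix, which matches the replies: the boot messages come from swap, not from the pool.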
 