docs(zfs): Clarify reencryption in flight (#1)
This commit is contained in:
parent
930d5f4687
commit
10c9ae589f
@ -143,7 +143,7 @@ In order to generate a new master key after you've changed your user key as ment
|
||||
- We `zfs receive -F` destroying any target snapshots and file systems beyond the snapshot we're transferring. In this example the target `zpool/root/archlinux-frn` doesn't even exist so `-F` isn't necessary to clean anything up. It's just good practice.
|
||||
- With `-v` we get verbose progress output
|
||||
- Argument `-u` makes sure the dataset does not get mounted after transfer. ZFS would mount it into `/` which wouldn't be helpful since we're currently using that filesystem ourselves.
|
||||
- We set encryption properties `keyformat`, `keylocation` and most importantly `encryption`. The latter will turn our transferred dataset into its own `encryptionroot` which in turn generates a new master key. The auto-generated new master key gets wrapped with our updated passphrase in `keylocation`. This basically rekeys all data on our pool during transfer.
|
||||
- We set encryption properties `keyformat`, `keylocation` and most importantly `encryption`. The latter will turn our transferred dataset into its own `encryptionroot` which in turn generates a new master key. The auto-generated new master key gets wrapped with our updated passphrase in `keylocation`. This basically reencrypts all data in this dataset during transfer.
|
||||
- We set `mountpoint` and `canmount` as well as a `org.zfsbootmenu:commandline` as we would for any new system dataset.
|
||||
1. Change zpool's `bootfs` property to new system dataset
|
||||
```
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user