[PATCH 0/2] PoC for zfs native encryption in pve-installer

[Gregor Michels]

Hello everybody !

I wanted to have a fully encrypted PVE instance utilising the native
encryption of zfs.

Unfortunately the PVE installer itself does not support this usecase.
There are various guides out there that do a vanilla install and then
use zfs send and receive to encrypt the rootfs.
But that is tedious manual work.

Therefore I looked into the pve-installer repository and glued this
proof of concept together.
Because the initramfs support for a zfs encrypted rootfs is already
upstream in debian (or openzfs I'm not sure) I only needed to modify the
pool creation commands in proxinstall.

I also added a rudimentary text field in the "Advanced Options" section
of the zfs partitioning wizard to be able to input a passphrase.

This is by no means a "finished" implementation.

If you want to support this usecase officially in the installer I would
love to finish up the implementation. There are also some design
decision left to discuss. I think the following todos exist:

* have two text fields for the passphrase, just like the root password
* let the user choose an encryption alogorithm, instead of the default
  shipped by OpenZFS
* enable "remote unblock" via ssh directly in the installer

Thank you in advance,
hirnpfirsich

Gregor Michels (2):
  zfs_create_rpool: add support for native encryption
  create_raid_advanced_grid: add text box for zfs native encryption

 proxinstall | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

-- 
2.20.1