[OpenIndiana-discuss] Solaris 11 Express available
Gabriel de la Cruz
gabriel.delacruz at gmail.com
Wed Nov 17 00:25:22 UTC 2010
Tom, I was meaning to keep Openindiana boot environment instead of
installing Solaris 11 fresh... but if there is a method to do it without
having alrready a preexisting OI or Opensolaris boot environment, I have to
admit that am not very familiar with the process.
Well encryption is not supported in the root pool right? So it shouldn't be
a problem either.
I have been encrypting system drives on Linux by using busybox; a minimal
system boots before decrypting the drives, once you enter the paraphrase the
real kernel (stored in the encrypted drive) boots. If Oracle ever supports
rootfs encryption I guess the decryption should happen anyway before the
actual boot environment loads, so It will be possible still to keep a
separate unencrypted one with OI... I guess the encryption will be handled
as a property of paticular zfs file system and wont involve the complete
pool... But I should really experiment all of that before even talking. I
did not tried or even read about S11 encryption. In linux filesystems you
should allways cover the drive with random data before encrypting, otherwise
the operation isn't safe enough (even /dev/urandom inst bullet proof, but
anything stronger was almost impossible to achieve without spending just
insane amount of time). I wonder how it happen on ZFS, probably it could
introduce new perspectives to encryption. it is a truly interesting subject.
On Wed, Nov 17, 2010 at 1:18 AM, Tom Kranz <tom at siliconbunny.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Gabriel de la Cruz wrote:
> > flexibility. Could it be a good practice to install Openindiana before
> > Solaris11?, so there is a roll back option? difficult to answer... I
> > they will keep the possibility to upgrade from Opensolaris for a while...
> Why? What's wrong with ZFS snapshots and rolling back to a different BE?
> As long as you're not upgrading your ZFS pools or messing around with
> them (and ZFS encryption is the only pressing thing for me that would
> force that) then I don't see why any of this would be a problem?
> - --
> Tom Kranz
> Email: tom at gaeltd.com Skype: siliconbunny
> Mobile: 07779 149281 Phone/fax: 01344 773240
> http://www.gaeltd.com http://www.linkedin.com/in/tomkranz
> -----BEGIN PGP SIGNATURE-----
> -----END PGP SIGNATURE-----
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
More information about the OpenIndiana-discuss