set checksum algorithm in pool level #16428
-
|
Hi all, I was wondering if there is a way i can set checksum algorithm in the pool level. Existing zfs commands support setting checksum in the dataset level, but pool level metadata still using fletcher4. I was wondering if there is a way I could set cryptographic hash (e.g. SHA256, 512) for every block pointers in the storage pool? Thanks. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
To what end? The primary reason to use a stronger checksum is to get stronger guarantees for things like dedup and nopwrite, and you can't usefully do either on pool metadata. None of the stronger algorithms are going to save you against someone malicious writing directly to the storage, since in that scenario they can extract the pool seed for the seeded checksums anyway. |
Beta Was this translation helpful? Give feedback.
-
|
IIRC when you use ZFS encryption it should cryptographically sign some of metadata, but I don't remember how high does it go up to the chain, may be only up to the dataset, since the pool-level metadata are not protected by any keys. |
Beta Was this translation helpful? Give feedback.
IIRC when you use ZFS encryption it should cryptographically sign some of metadata, but I don't remember how high does it go up to the chain, may be only up to the dataset, since the pool-level metadata are not protected by any keys.