I'm in the process of decrypting my pool and seeing how FreeNAS stores the drive info in the sqlite database got me wondering... would there be any (performance) value in having an option to only encrypt enough drives to make the pool unusable? For example, if it's a RAIDZ2 pool then encrypt only 3 drives. It seems like this would have performance benefits in circumstances where the number of drives in the pool surpasses the number of CPU cores that can perform AES-NI. Perhaps the most elegant solution would be a sliding scale which could range from the number of drives to make the pool unmountable all the way to all drives. The recommended/optimal level might set the number of encrypted drives to match the number of CPU cores.
And yes, obviously this would allow partial data recovery for someone determined to get at it but I would think for some people this would be adequate for their use case (e.g. simple theft from home).
I'm asking because I was thinking of maybe contributing to FreeNAS by adding code to decrypt/encrypt existing pools and what I describe above is functionality that you sorta could get for free along the way, assuming offering it makes any sense....
-E