Debian: Add notes to encrypted HOWTO

- Properties are not encrypted. - Mention that passwords in /etc/fstab might be a concern.
2019-04-12 16:44:45 -05:00 · 2019-04-12 16:44:45 -05:00 · e3b63e3169
parent e4eba020b8
commit e3b63e3169
1 changed files with 1 additions and 1 deletions
--- a/Debian-Buster-Encrypted-Root-on-ZFS.md
+++ b/Debian-Buster-Encrypted-Root-on-ZFS.md
@ -24,7 +24,7 @@ This guide supports two different encryption options: unencrypted and ZFS native

 Unencrypted does not encrypt anything, of course. With no encryption happening, this option naturally has the best performance.

-ZFS native encryption encrypts the data and most metadata in the root pool. It does not encrypt dataset or snapshot names. The boot pool is not encrypted at all, but it only contains the bootloader, kernel, and initrd. The system cannot boot without the passphrase being entered at the console. Performance is good. As the encryption happens in ZFS, even if multiple disks (mirror or raidz topologies) are used, the data only has to be encrypted once.
+ZFS native encryption encrypts the data and most metadata in the root pool. It does not encrypt dataset or snapshot names or properties. The boot pool is not encrypted at all, but it only contains the bootloader, kernel, and initrd. (Unless you put a password in `/etc/fstab`, the initrd is unlikely to contain sensitive data.) The system cannot boot without the passphrase being entered at the console. Performance is good. As the encryption happens in ZFS, even if multiple disks (mirror or raidz topologies) are used, the data only has to be encrypted once.

 ## Step 1: Prepare The Install Environment