From e4eba020b8469f79e2976daf8fedb7dc243f2f2e Mon Sep 17 00:00:00 2001 From: Richard Laager Date: Fri, 12 Apr 2019 03:58:44 -0500 Subject: [PATCH] Debian/Ubuntu: Update encryption notes --- Debian-Buster-Encrypted-Root-on-ZFS.md | 6 +++++- Debian-Buster-Root-on-ZFS.md | 6 +++--- Debian-Stretch-Root-on-ZFS.md | 6 +++--- Ubuntu-18.04-Root-on-ZFS.md | 6 +++--- 4 files changed, 14 insertions(+), 10 deletions(-) diff --git a/Debian-Buster-Encrypted-Root-on-ZFS.md b/Debian-Buster-Encrypted-Root-on-ZFS.md index ae7d9f0..8624208 100644 --- a/Debian-Buster-Encrypted-Root-on-ZFS.md +++ b/Debian-Buster-Encrypted-Root-on-ZFS.md @@ -20,7 +20,11 @@ If you need help, reach out to the community using the [zfs-discuss mailing list ## Encryption -This guide supports two different encryption options: unencrypted and ZFS native encryption. +This guide supports two different encryption options: unencrypted and ZFS native encryption. With either option, all ZFS features are fully available. + +Unencrypted does not encrypt anything, of course. With no encryption happening, this option naturally has the best performance. + +ZFS native encryption encrypts the data and most metadata in the root pool. It does not encrypt dataset or snapshot names. The boot pool is not encrypted at all, but it only contains the bootloader, kernel, and initrd. The system cannot boot without the passphrase being entered at the console. Performance is good. As the encryption happens in ZFS, even if multiple disks (mirror or raidz topologies) are used, the data only has to be encrypted once. ## Step 1: Prepare The Install Environment diff --git a/Debian-Buster-Root-on-ZFS.md b/Debian-Buster-Root-on-ZFS.md index 13b647d..8a95653 100644 --- a/Debian-Buster-Root-on-ZFS.md +++ b/Debian-Buster-Root-on-ZFS.md 
@@ -16,11 +16,11 @@ If you need help, reach out to the community using the [zfs-discuss mailing list ## Encryption -This guide supports two different encryption options: unencrypted and LUKS (full-disk encryption). ZFS native encryption has not yet been released. +This guide supports two different encryption options: unencrypted and LUKS (full-disk encryption). ZFS native encryption has not yet been released. With either option, all ZFS features are fully available. -Unencrypted does not encrypt anything, of course. All ZFS features are fully available. With no encryption happening, this option naturally has the best performance. +Unencrypted does not encrypt anything, of course. With no encryption happening, this option naturally has the best performance. -LUKS encrypts almost everything: the OS, swap, home directories, and anything else. The only unencrypted data is the bootloader, kernel, and initrd. The system cannot boot without the passphrase being entered at the console. All ZFS features are fully available. Performance is good, but LUKS sits underneath ZFS, so if multiple disks (mirror or raidz topologies) are used, the data has to be encrypted once per disk. +LUKS encrypts almost everything: the OS, swap, home directories, and anything else. The only unencrypted data is the bootloader, kernel, and initrd. The system cannot boot without the passphrase being entered at the console. Performance is good, but LUKS sits underneath ZFS, so if multiple disks (mirror or raidz topologies) are used, the data has to be encrypted once per disk. ## Step 1: Prepare The Install Environment diff --git a/Debian-Stretch-Root-on-ZFS.md b/Debian-Stretch-Root-on-ZFS.md index 7e64d19..19330b5 100644 --- a/Debian-Stretch-Root-on-ZFS.md +++ b/Debian-Stretch-Root-on-ZFS.md 
@@ -16,11 +16,11 @@ If you need help, reach out to the community using the [zfs-discuss mailing list ## Encryption -This guide supports two different encryption options: unencrypted and LUKS (full-disk encryption). ZFS native encryption has not yet been released. +This guide supports two different encryption options: unencrypted and LUKS (full-disk encryption). ZFS native encryption has not yet been released. With either option, all ZFS features are fully available. -Unencrypted does not encrypt anything, of course. All ZFS features are fully available. With no encryption happening, this option naturally has the best performance. +Unencrypted does not encrypt anything, of course. With no encryption happening, this option naturally has the best performance. -LUKS encrypts almost everything: the OS, swap, home directories, and anything else. The only unencrypted data is the bootloader, kernel, and initrd. The system cannot boot without the passphrase being entered at the console. All ZFS features are fully available. Performance is good, but LUKS sits underneath ZFS, so if multiple disks (mirror or raidz topologies) are used, the data has to be encrypted once per disk. +LUKS encrypts almost everything: the OS, swap, home directories, and anything else. The only unencrypted data is the bootloader, kernel, and initrd. The system cannot boot without the passphrase being entered at the console. Performance is good, but LUKS sits underneath ZFS, so if multiple disks (mirror or raidz topologies) are used, the data has to be encrypted once per disk. ## Step 1: Prepare The Install Environment diff --git a/Ubuntu-18.04-Root-on-ZFS.md b/Ubuntu-18.04-Root-on-ZFS.md index f458642..41faea2 100644 --- a/Ubuntu-18.04-Root-on-ZFS.md +++ b/Ubuntu-18.04-Root-on-ZFS.md 
@@ -15,11 +15,11 @@ If you need help, reach out to the community using the [zfs-discuss mailing list ## Encryption -This guide supports two different encryption options: unencrypted and LUKS (full-disk encryption). ZFS native encryption has not yet been released. +This guide supports two different encryption options: unencrypted and LUKS (full-disk encryption). ZFS native encryption has not yet been released. With either option, all ZFS features are fully available. -Unencrypted does not encrypt anything, of course. All ZFS features are fully available. With no encryption happening, this option naturally has the best performance. +Unencrypted does not encrypt anything, of course. With no encryption happening, this option naturally has the best performance. -LUKS encrypts almost everything: the OS, swap, home directories, and anything else. The only unencrypted data is the bootloader, kernel, and initrd. The system cannot boot without the passphrase being entered at the console. All ZFS features are fully available. Performance is good, but LUKS sits underneath ZFS, so if multiple disks (mirror or raidz topologies) are used, the data has to be encrypted once per disk. +LUKS encrypts almost everything: the OS, swap, home directories, and anything else. The only unencrypted data is the bootloader, kernel, and initrd. The system cannot boot without the passphrase being entered at the console. Performance is good, but LUKS sits underneath ZFS, so if multiple disks (mirror or raidz topologies) are used, the data has to be encrypted once per disk. ## Step 1: Prepare The Install Environment
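Review bot: In the Debian-Buster-Encrypted-Root-on-ZFS.md hunk, the new native-encryption paragraph says the boot pool "is not encrypted at all, but it only contains the bootloader, kernel, and initrd", which reads as if that exposure were negligible. Those are the components that run before the passphrase is entered at the console, so the text should say plainly that they are stored in the clear and fall outside the root pool's encryption. The same paragraph says "most metadata" is encrypted but names only dataset and snapshot names as exceptions; either list the remaining exceptions or link to where they are documented.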
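Review bot: In the Debian-Buster-Root-on-ZFS.md hunk, the first changed line still carries "ZFS native encryption has not yet been released." while this same patch adds a description of ZFS native encryption as a supported option to Debian-Buster-Encrypted-Root-on-ZFS.md. A reader comparing the two Buster guides gets conflicting statements about the same release; reword the sentence or replace it with a pointer to the encrypted guide.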
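Review bot: In the Debian-Stretch-Root-on-ZFS.md hunk (and identically in the Ubuntu-18.04-Root-on-ZFS.md hunk), the appended "With either option, all ZFS features are fully available." lands directly after the sentence about ZFS native encryption, so "either option" has no clear referent at that point. Place it immediately after "unencrypted and LUKS (full-disk encryption)." and let the native-encryption remark close the paragraph, so the claim attaches to the two options the guide actually offers.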