Rob Norris

@jittygitty there's no code in ZFS right now that can call into the kernel crypto API, regardless of how you build it - you will always be using the ICP...

We talked about this at the 31 Jan call. Feedback was generally favourable, thanks all! I was waiting to check my notes against the recording but that hasn't surfaced yet...

I did all the testing I wanted to do with a view to adding a feature flag. I created a new pool on Linux with master 620a977f2 + this PR,...

I did further send/receive testing as well. When sender and receiver both support chapoly, it works exactly as it does for AES - raw send doesn't require the dataset loaded...

> I find this feature usefull and would help with this PR if you want. @mcmilk sorry I missed this! Thanks! At this point I don't think there's much else...

Ehh, I've got my brain in backwards this evening. A feature in the dataset isn't going to make an old implementation magically able to cope with it. That said, I'll...

Alright, lets slow down a bit. I spent a lot of time reviewing the available Chacha20 and Poly1305 implementations. I was coming at it from the perspective that we are...

> That on "linux won't provide us much" because of GPL-Only symbol restrictions? While BSD/Mac/Win would allow using their kernel implementations? Or did you mean something else was the issue...

I've nothing else to add here. It works, it seems to be fit for purpose, and I think sets a good base for further work. I commend it to the...

What happens if you clone across datasets, and then use `zfs change-key` to make one of them into its own encryption root?