Solaris, ZFS, Encrypted Boot to Secure Off Site Servers

Tags: boot, disk-encryption, solaris

We will be setting up a system for off site servers. All the hard disk data will be encrypted.

The plan is to have a two part boot (if possible).

The first part boots up and continually asks for the encryption keys so that it can decrypt the hard disks.

The second part is the actual production environment, which is part of the encrypted section.

When a server first boots up we will ensure that there are no hackers near the box. Then we will manually provide the hard disk key to the off site server. The hard disk key will be encrypted with a secondary key. The secondary key will be replaced with a new secondary key which will be encrypted with the old secondary key. (it will actually be more elusive than this but there is no point in explaining that part)

My question is: how can we boot to an encrypted partition of a disk without storing the disk encryption key on the machine?

If convenient, the first boot OS does not have to be Solaris.

It is very much preferable that the encrypted filesystem for the second boot (production environment) is ZFS, and required that the second boot is Solaris.

Also, if convenient, the disk encryption key can be temporarily stored on the unencrypted partition and then deleted after the second boot up. (it would be cleaner if the key was never written to the disk but I am aware that it may be necessary to temporarily store it and change the GNU GRUB defaults and do a regular init 6)

Best Answer

There's no support for an encrypted ZFS boot filesystem yet:

http://hub.opensolaris.org/bin/view/Project+zfs-crypto/WebHome

You can encrypt everything else including the swap and dump, so if someone grabbed a drive, they could only get some useless OS files.
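To show what "encrypt everything except the boot filesystem" looks like in practice, here is an added example script that is not part of the original question or answer. It assumes the zfs-crypto feature set as it later shipped in Solaris 11 (the `encryption` and `keysource` dataset properties and the `zfs key` subcommand); the pool name `rpool`, the `rpool/secure` parent dataset and the volume sizes are illustrative. The boot environment under `rpool/ROOT` stays in cleartext, and every data, swap and dump dataset lives under one encrypted parent whose wrapping key is requested on the console (`keysource=passphrase,prompt`), so nothing key-related is ever written to disk. By default the script only prints the commands; set `ZFS_APPLY=1` to execute them on a real Solaris host.

```shell
#!/bin/sh
# Added example (not from the original post). Lays out an encrypted ZFS tree
# next to a cleartext rpool/ROOT, with the wrapping key prompted at the console.
# Assumptions: Solaris 11-style zfs-crypto (encryption=, keysource=, zfs key);
# dataset names and sizes below are placeholders.
POOL=${POOL:-rpool}
SWAP_SIZE=${SWAP_SIZE:-4G}
DUMP_SIZE=${DUMP_SIZE:-2G}

# Commands that build the layout, one per line.  Only the parent dataset is
# created with an explicit keysource; children inherit it and are wrapped by
# the key that is already loaded, so the operator is prompted once.
plan_encrypted_layout() {
    pool=$1; swap=$2; dump=$3
    cat <<EOF
zfs create -o encryption=on -o keysource=passphrase,prompt $pool/secure
zfs create -o mountpoint=/export/data $pool/secure/data
zfs create -V $swap $pool/secure/swap
zfs create -V $dump $pool/secure/dump
swap -a /dev/zvol/dsk/$pool/secure/swap
dumpadm -d /dev/zvol/dsk/$pool/secure/dump
EOF
}

# Commands to run after every reboot: the key is not on disk, so it has to be
# loaded by hand (zfs key -l prompts), then the tree is mounted and swap/dump
# are re-attached.  This is the manual "second stage" the question describes.
plan_after_reboot() {
    pool=$1
    cat <<EOF
zfs key -l -r $pool/secure
zfs mount -a
swap -a /dev/zvol/dsk/$pool/secure/swap
dumpadm -d /dev/zvol/dsk/$pool/secure/dump
EOF
}

# Sanity check on a plan: it must never touch the boot environment and must
# request the key interactively rather than from a file on the unencrypted pool.
plan_is_safe() {
    plan=$1
    case $plan in
        *"/ROOT"*) return 1 ;;
        *"keysource=passphrase,prompt"*) return 0 ;;
        *) return 1 ;;
    esac
}

run_plan() {
    if [ "${ZFS_APPLY:-0}" = 1 ]; then
        printf '%s\n' "$1" | sh -e
    else
        printf '%s\n' "$1"
    fi
}

layout=$(plan_encrypted_layout "$POOL" "$SWAP_SIZE" "$DUMP_SIZE")
if plan_is_safe "$layout"; then
    run_plan "$layout"
fi
```

The split mirrors the answer: the only cleartext data is the boot environment itself, which is why a stolen drive yields OS files but no data, swap or dump contents. The `plan_after_reboot` commands are what an operator would type once the box has been checked over, which is the manual key hand-over step the question asks about.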
