Re: zpool geli encryption question

On Sun, Oct 15, 2023 at 6:39 AM void <void@f-m.fm> wrote:
>
> A machine periodically backs up bhyve volume-backed VMs like so:
>
> # zfs send ssdzfs/fbsd140R | gzip -c > /vol-backups/$(date '+%G.%m.%d_%H:%M').fbsd140R.gz
>
> This vm is zfs internally with geli encryption of both the fs and swap.
>
> The same backup routine applies to an openbsd vm. It has its own way of
> filesystem encryption.
>
> Both volumes are 64GB in size. On the host, both volumes use lz4.
>
> Surprisingly (to me at least), the freebsd backup results in a smaller
> size of archive. The openbsd one results in a slightly larger archive than
> its source.
>
> I'm expecting both archives to be slightly larger than their sources,
> because encrypted data is uncompressible.
>
> The freebsd archive is 19GB. The openbsd one is 65GB. Why is this?

How much of the FreeBSD VM's disk is actually in-use?  Maybe you are
using TRIM with FreeBSD, which punches holes in the host's ZFS
storage.  That would explain why compression seems to save space, even
though the data is encrypted.
-Alan