Encrypt swap space, whether it is a ZFS volume or raw device. Encryption ensures that any sensitive data, such as user passwords, are protected if the system needs to swap those pages out to disk.
# pfedit /etc/vfstab ... /dev/zvol/dsk/rpool/swap - - swap - no encrypted
# pktool setpin keystore=pkcs11 Enter token passphrase: ******** Create new passphrase: ************ Re-enter new passphrase: ************
# pktool genkey keystore=pkcs11 keytype=aes keylen=256 label=globalzone-key