>Number: 152647 >Category: kern >Synopsis: Use of geli hmac/sha512 yields GEOM_ELI "bytes corrupted at >offset" error >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Nov 28 17:20:09 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Intensity >Release: 8.1-STABLE >Organization: >Environment: FreeBSD 8.1-STABLE-201011 FreeBSD 8.1-STABLE-201011 #0: Wed Nov 3 21:19:34 UTC 2010 r...@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: I install a GELI+ZFS system as instructed at:
http://forums.freebsd.org/showthread.php?t=2775 However, I specify "-a HMAC/SHA512" to the geli command. In doing so from the live CD, that running GELI/ZFS setup seems to work just fine with no indication of a problem. However, when rebooting, perhaps some information about the GELI system is lost, since upon rebooting I get a multitude of errors looking like: GEOM_ELI: ad0s1a: 8192 bytes corrupted at offset 6455033856. When I follow the instructions again but without adding "-a HMAC/SHA512" then everything works. The authentication layer should add resilience, not create fatal problems in mounting the system. I'd recommend checking into this but also running tests on more elaborate setups. >How-To-Repeat: Follow the instructions at: http://forums.freebsd.org/showthread.php?t=2775 but add "-a HMAC/SHA512" to the geli command. >Fix: No known fix. The use of HMAC/SHA512 may not be popular or as well-tested. I understand that this level is redundant when the underlying ZFS provides checksums, but I wanted to do both. >Release-Note: >Audit-Trail: >Unformatted: _______________________________________________ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
