>Number: 161807 >Category: bin >Synopsis: [patch] add option for explicitly specifying metadata version >to geli >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Oct 19 15:20:09 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Garrett Cooper >Release: 10-CURRENT >Organization: iXsystems, Inc. >Environment: FreeBSD fallout.local 10.0-CURRENT FreeBSD 10.0-CURRENT #1 r226332M: Wed Oct 12 22:48:55 PDT 2011 root@fallout.local:/usr/obj/usr/src/sys/FALLOUT amd64 >Description: As discussed in this thread [1], geli currently hardcodes the metadata version to whatever's compiled into the binary. pjd@ suggested that a [-V metadata] option be added to override this [2]. The attached patch is based on that suggestion.
1. http://osdir.com/ml/freebsd-geom/2011-10/msg00075.html 2. http://osdir.com/ml/freebsd-geom/2011-10/msg00083.html >How-To-Repeat: >Fix: Patch attached with submission follows: Index: sbin/geom/class/eli/geom_eli.c =================================================================== --- sbin/geom/class/eli/geom_eli.c (revision 226241) +++ sbin/geom/class/eli/geom_eli.c (working copy) @@ -60,6 +60,7 @@ #define GELI_BACKUP_DIR "/var/backups/" #define GELI_ENC_ALGO "aes" +#define GELI_VERSION "6" static void eli_main(struct gctl_req *req, unsigned flags); static void eli_init(struct gctl_req *req); @@ -81,7 +82,7 @@ /* * Available commands: * - * init [-bhPv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] prov + * init [-bhPv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-V version] prov * label - alias for 'init' * attach [-dprv] [-j passfile] [-k keyfile] prov * detach [-fl] prov ... @@ -112,9 +113,10 @@ { 'l', "keylen", "0", G_TYPE_NUMBER }, { 'P', "nonewpassphrase", NULL, G_TYPE_BOOL }, { 's', "sectorsize", "0", G_TYPE_NUMBER }, + { 'V', "eliversion", GELI_VERSION, G_TYPE_NUMBER }, G_OPT_SENTINEL }, - "[-bPv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] prov" + "[-bPv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] [-V version] prov" }, { "label", G_FLAG_VERBOSE, eli_main, { @@ -128,6 +130,7 @@ { 'l', "keylen", "0", G_TYPE_NUMBER }, { 'P', "nonewpassphrase", NULL, G_TYPE_BOOL }, { 's', "sectorsize", "0", G_TYPE_NUMBER }, + { 'V', "eliversion", GELI_VERSION, G_TYPE_NUMBER }, G_OPT_SENTINEL }, "- an alias for 'init'" @@ -673,9 +676,16 @@ return; } + version = gctl_get_intmax(req, "eliversion"); + if (G_ELI_VERSION_06 < version) { + gctl_error(req, "Invalid metadata version (must be between %d " + "and %d): %d", G_ELI_VERSION_00, G_ELI_VERSION_06, + version); + return; + } bzero(&md, sizeof(md)); strlcpy(md.md_magic, G_ELI_MAGIC, sizeof(md.md_magic)); - md.md_version = G_ELI_VERSION; + md.md_version = version; md.md_flags = 0; if (gctl_get_int(req, "boot")) md.md_flags |= G_ELI_FLAG_BOOT; Index: sbin/geom/class/eli/geli.8 =================================================================== --- sbin/geom/class/eli/geli.8 (revision 226241) +++ sbin/geom/class/eli/geli.8 (working copy) @@ -60,6 +60,7 @@ .Op Fl K Ar newkeyfile .Op Fl l Ar keylen .Op Fl s Ar sectorsize +.Op Fl V Ar eliversion .Ar prov .Nm .Cm label - an alias for @@ -319,6 +320,11 @@ Increasing sector size allows to increase performance, because we need to generate an IV and do encrypt/decrypt for every single sector - less number of sectors means less work to do. +.It Fl V Ar eliversion +Use a specific encryption metadata version when creating encrypted devices. +This defaults to whatever version was compiled into the +.Nm +binary. .El .It Cm attach Attach the given provider. >Release-Note: >Audit-Trail: >Unformatted: _______________________________________________ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
