On Wed, Apr 27, 2011 at 06:37:59PM +0200, Christian Baer wrote: > Hi folks! > > A few days ago I installed a new drive that I would like to encrypt with > geli. It's one of the new ones with 4K sectors which means I have to > partition it differently than the older drives I have. > > What I did so far: > > gpart create -s gpt /dev/ad6 > gpart add -b 2048 -t freebsd-ufs /dev/ad6 > > That should align the partition correctly. > pjd wrote in a post, that geli uses more than one key for larger file > systems, so I am quite happy to create a single (2TB) partion and file > system. > > Due to the nature of the files that will mostly be stored on the drive > (digital photographs in raw format), my newfs will look something like > this (my idea): > > newfs -L raw -O ufs2 -U -f 4096 -b 32768 -i 2097152 /dev/ad6p1.eli > > An inode every 2^21 bytes should do fine. Most of the files on the drive > (I expect something like 90%) will be 7MB or larger. > > Any objections so far? Would it make sense to make the frags and blocks > even larger? > > Considering that, I'm wondering how to init geli, especially using the > -s option. > > geli init -e aes-xts -l 256 -s $NUMBER /dev/ad6p1 > > It stands to reason that $NUMBER should not be smaller than 4096 bytes > since the drive itself doesn't have anything smaller to offer. :-) What > would be a good value? 4096 or 32768 or something else? What does this > default to?
It defaults to reported sector size of the underlying provider, so 512 bytes, I guess. In my opinion 4096 is optimal. Larger sectors are problematic, because if sector size it is larger than page size various tools will have problems with mmap(2)ing files. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://yomoli.com
pgpVtcTcVaeNd.pgp
Description: PGP signature
