Vinny wrote:
Hello Everyone,
I've been reading up on geli and decided I wanted to
use data authentication. This involves the -a switch
on the geli init command. Here's what I've found:
===== No authentication (the disk size is correct @ 152G):
the/root{143}~# geli init da1
Enter new passphrase:
Reenter new passphrase:
the/root{144}~# geli attach da1
Enter passphrase:
the/root{147}~# newfs -N /dev/da1.eli
/dev/da1.eli: 152627.8MB (312581804 sectors) block size 16384, fragment size 2048
using 831 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
super-block backups (for fsck -b #) at:
160, 376512, 752864, ...
the/root{148}~# newfs /dev/da1.eli
/dev/da1.eli: 152627.8MB (312581804 sectors) block size 16384, fragment size 2048
using 831 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
super-block backups (for fsck -b #) at:
160, 376512, 752864, 1129216, ...
===== With hmac/sha256 (or any other) authentication (small disk size 76G):
the/root{156}~# geli init -a hmac/sha256 /dev/da1
Enter new passphrase:
Reenter new passphrase:
the/root{157}~#
the/root{157}~# geli attach da1
Enter passphrase:
the/root{159}~# newfs -N /dev/da1.eli
/dev/da1.eli: 76313.9MB (156290900 sectors) block size 16384, fragment size 2048
using 416 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
super-block backups (for fsck -b #) at:
160, 376512, 752864, ...
the/root{163}~# newfs /dev/da1.eli
/dev/da1.eli: 76313.9MB (156290900 sectors) block size 16384, fragment size 2048
using 416 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
newfs: can't read old UFS1 superblock: read error from block device: Invalid argument
the/root{110}~# geli dump -v da1
Metadata on da1:
magic: GEOM::ELI
version: 3
flags: 0x10
ealgo: AES-CBC
keylen: 128
aalgo: HMAC/SHA256
provsize: 160041885696
sectorsize: 512
keys: 0x01
iterations: 67988
Salt: c708
=====
Anyone know what I've done wrong? Is data authentication working?
Thanks!
Vinny
The eventual solution came from Richard Farr. A few messages
later and here are the results:
I wrote:
> Hello Richard and Thanks! Sorry for my late reply.
>
> Richard Farr wrote:
>> Hi Vinny,
>>
>> I had this problem as well when trying to initialize a disk with GELI
>> and create slices/partitions/fs.
>>
>> I believe the problem is caused because the sectors of the newly
>> created GELI device still have whatever data was in them from before
>> the "geli init" command. Therefore, this data will not have the
>> correct mac inside of the sector. It looks like newfs attempts to
>> read from some of these uninitialized sectors - causing a mac
>> verification failure and a read error. In order to fix this, simply
>> attach the geli device and then use dd to write to all sectors of the
>> device to update them with a correct mac:
>>
>> dd if=/dev/random of=/dev/da1.eli bs=8M
>>
>> Once this is done newfs should work like a charm.
> Indeed, the results follow, but I'd like to thank you
> for the solution. I had habitually used dd on
> the raw device before running geli init. That is,
>
> dd if=/dev/random of=/dev/da2 bs=1m
>
> Then I'd init it. Didn't occur to me that doing
> that on the da2.eli device would solve the newfs
> problem.
>
> The results:
>
> the/root{120}~# geli init -a hmac/sha256 /dev/da2
> Enter new passphrase:
> Reenter new passphrase:
> the/root{121}~# geli attach da2
> Enter passphrase:
>
> the/root{122}~# newfs -N /dev/da2.eli
> /dev/da2.eli: 977.0MB (2000876 sectors) block size 16384, fragment size 2048
> using 6 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
> super-block backups (for fsck -b #) at:
> 160, 376512, 752864, 1129216, 1505568, 1881920
>
> the/root{123}~# newfs /dev/da2.eli
> /dev/da2.eli: 977.0MB (2000876 sectors) block size 16384, fragment size 2048
> using 6 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
> newfs: can't read old UFS1 superblock: read error from block device: Invalid argument
>
>
>
> the/root{124}~# dd if=/dev/random of=/dev/da2.eli bs=1m
> load: 1.15 cmd: dd 96350 [physwr] 0.00u 30.56s 9% 1668k
> 747+0 records in
> 746+0 records out
> 782237696 bytes transferred in 322.992946 secs (2421841 bytes/sec)
> dd: /dev/da2.eli: short write on character device
> dd: /dev/da2.eli: end of device
> 977+0 records in
> 976+1 records out
> 1024450048 bytes transferred in 422.242968 secs (2426210 bytes/sec)
>
>
> the/root{125}~# newfs -N /dev/da2.eli
> /dev/da2.eli: 977.0MB (2000876 sectors) block size 16384, fragment size 2048
> using 6 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
> super-block backups (for fsck -b #) at:
> 160, 376512, 752864, 1129216, 1505568, 1881920
>
> the/root{126}~# newfs /dev/da2.eli
> /dev/da2.eli: 977.0MB (2000876 sectors) block size 16384, fragment size 2048
> using 6 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
> super-block backups (for fsck -b #) at:
> 160, 376512, 752864, 1129216, 1505568, 1881920
>
> Success!
>
> Vinny
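
The behaviour Richard describes can be reproduced with a small model, added here as an illustration and not taken from the thread or from GELI's source: a per-sector HMAC layer over a buffer that was randomized before "init", where reads fail until each sector has been written through the authenticated layer. The `AuthDisk` class, the 32-byte-tag-plus-data sector layout and the 8-sector disk are assumptions made for the example, not GELI's on-disk format.

```python
import errno
import hashlib
import hmac
import os

SECTOR, TAG = 512, 32      # toy layout (assumption): 32-byte HMAC-SHA256 tag + data
PAYLOAD = SECTOR - TAG

class AuthDisk:
    """Toy authenticated layer over a raw buffer (hypothetical, not GELI code)."""
    def __init__(self, raw, key):
        self.raw, self.key = raw, key
        self.sectors = len(raw) // SECTOR

    def _tag(self, n, data):
        msg = n.to_bytes(8, "little") + data   # tag covers sector number and data
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def write(self, n, data):
        if len(data) != PAYLOAD:
            raise ValueError("payload must fill the sector")
        self.raw[n * SECTOR:(n + 1) * SECTOR] = self._tag(n, data) + data

    def read(self, n):
        blob = bytes(self.raw[n * SECTOR:(n + 1) * SECTOR])
        tag, data = blob[:TAG], blob[TAG:]
        if not hmac.compare_digest(tag, self._tag(n, data)):
            # Modelled as EINVAL to match the "Invalid argument" newfs reported.
            raise OSError(errno.EINVAL, f"sector {n}: MAC verification failed")
        return data

    def unreadable(self):
        """Sector numbers whose stored tag does not verify."""
        bad = []
        for n in range(self.sectors):
            try:
                self.read(n)
            except OSError:
                bad.append(n)
        return bad

def demo():
    raw = bytearray(os.urandom(8 * SECTOR))  # constructed: disk randomized before init
    disk = AuthDisk(raw, os.urandom(32))
    before = disk.unreadable()               # nothing written through the layer yet
    disk.write(3, bytes(PAYLOAD))            # one write fixes only that sector
    partial = disk.unreadable()
    for n in range(disk.sectors):            # like dd onto the attached .eli device
        disk.write(n, os.urandom(PAYLOAD))
    return before, partial, disk.unreadable()
```

`demo()` returns the unreadable sector lists before any write, after a single write, and after the full overwrite; randomizing the raw buffer beforehand leaves every sector unreadable, which is why the dd on the raw device did not help.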