On Thu, Jan 05, 2023 at 05:13:05AM +0000, Nathan Carruth wrote:
> I presume that OpenBSD also writes on-disk metadata of the
> same sort somewhere. Where?

Look at /usr/src/sys/dev/softraidvar.h. The structures that contain the softraid metadata are defined there.

There is general softraid metadata, and crypto-specific metadata. These are stored near the beginning of the RAID partition as defined in the disklabel. In fact, they are SR_META_OFFSET blocks from the start, which is currently 8192 bytes.

You can also look at this on your own disk with dd and hexdump to familiarise yourself with what the layout looks like (useful for future reference). Or read my article about resizing softraid volumes for some examples.

> I know I could dig this out of
> the source code

The source code is the definitive reference. And it can change.

> As it stands, the documentation gives no hint that softraid
> crypto gives any additional risk of data loss.

Just about any additional layer on top of a storage volume increases the complexity of the system, which some people might regard as 'additional risk'. This is in no way specific to softraid crypto.

> If there are in
> fact e.g. salt values written in an unknown location on the
> disk

It's not unknown, it's documented quite clearly in the source code.

> whose loss renders THE ENTIRE DISK cryptographically
> inaccessible, surely this ought to be documented somewhere?

By definition, losing the salt value used with any effective crypto system _should_ make it inaccessible! This is even considered a feature, because you can effectively erase the disk just by destroying the metadata.

> While I agree with you that there are
> definite security risks in backing up such metadata, surely
> the decision as to what to do ought to be left to the end user,
> rather than being enforced by lack of documentation?

The source code is the definitive documentation.

Backing up, restoring or otherwise messing with the softraid metadata without using the standard tools is an advanced subject, so it's quite reasonable to expect anybody wanting to do this to read and understand the source rather than having it spelt out in a manual page or other documentation.

If it was documented elsewhere, that documentation would have to be kept up to date with the current source, otherwise it could end up causing more problems than it solves.

In any case, what you are proposing to do (back up the softraid crypto metadata) is almost certainly a waste of time, as it is extremely unlikely that you will ever be in a situation where such a backup would be useful.

Additionally, if you _do_ decide to go ahead with this, then in the very unlikely event that you corrupt the metadata on the main disk and want to restore it from a backup, please do your research _before_ trying to restore it. It would be very easy to corrupt the disk further by dd'ing the wrong data to the wrong place.

There have been a lot of posts to the mailing lists in the past by people who have tried to fix disk partitioning problems by themselves and made the situation worse. What you are proposing sounds to me like a foot gun.