> On 2023-01-05, Nathan Carruth <n.carr...@alum.utoronto.ca> wrote:
>> Thank you for your response.
>>
>> To clarify: I am not asking about backups proper
>> (though I appreciate the suggestions). My only
>> question is how to make a copy of the crypto metadata.
>
> dd the start of the partition, it's stored 16 blocks (8k) into the partition
> and for the current version of softraid it's 64 blocks (32k) long.
>
> But it's useless without the data so unless you are doing unsupported things
> like poking at the softraid partition size, etc, and want to make a backup
> before doing that then I don't see how it helps you. (And if you *are* doing
> that then I'd hope you don't have to ask how to back it up first).
>
> And unless you detach the softraid device first (or don't attach in the first
> place) it will be marked dirty.
Thank you, this is exactly what I was looking for.

For the record: I want a way to save the metadata for restoration in case of accidental corruption. Security concerns aside, I don’t see why this is any different from backing up partition and disklabel information as Nick suggested. I understand both GELI and cgd provide standard and documented ways of doing this.

When I first learned about header corruption in LUKS I was relieved that it wasn’t an issue in OpenBSD. Then a year later I suddenly learned otherwise — from a non-OpenBSD source.

Given that one of the goals of the OpenBSD project is to produce reliable documentation, I would have expected that this kind of potential corruption would have been at least mentioned somewhere. Surely we don’t expect every user to read the code for all the software they use to be sure there are no well-known but undocumented data holes?

Even just a line like this would be useful:

“Note: bioctl(8) writes header information (such as salt values for crypto volumes) at the start of the original partition. See [relevant source file] for details. If this information should become corrupted, the softraid(4) volume will become unusable.”

Thanks!

Nathan

PS I have been using OpenBSD since 2010. I like it very much in many ways, but I am distressed to find so potentially huge an issue completely undocumented.
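
The copy described in the quoted reply, as an added example that is not part of the original message or of OpenBSD's tools. The helper names `save_sr_meta` and `make_test_image` and the constructed image file are assumptions; the offsets (16 blocks in, 64 blocks long, 512-byte blocks) are the ones given in the thread.

```shell
#!/bin/sh
# Offsets as given in the quoted reply: the metadata sits 16 blocks (8k) into
# the partition and is 64 blocks (32k) long for the current softraid version.
SR_META_OFFSET=16   # 512-byte blocks
SR_META_BLOCKS=64   # 512-byte blocks

# save_sr_meta SRC OUT (hypothetical helper name)
# Copy the metadata region of SRC (raw partition or image file) to OUT and
# verify it. Returns 1 on read error, 2 on short copy, 3 on mismatch.
save_sr_meta() {
    src=$1; out=$2
    # The region holds crypto metadata such as salt values: keep it private.
    ( umask 077
      dd if="$src" of="$out" bs=512 skip="$SR_META_OFFSET" \
         count="$SR_META_BLOCKS" 2>/dev/null ) || return 1
    # dd exits 0 on a short read, so check the size explicitly.
    size=$(wc -c < "$out" | tr -d ' ')
    [ "$size" -eq $((SR_META_BLOCKS * 512)) ] || return 2
    # Read the region a second time and compare it with the saved copy.
    dd if="$src" bs=512 skip="$SR_META_OFFSET" count="$SR_META_BLOCKS" \
        2>/dev/null | cmp -s - "$out" || return 3
}

# make_test_image IMG: constructed 128-block stand-in for a partition, with
# the 64 blocks at offset 16 filled with the byte 'M' instead of zeros.
make_test_image() {
    dd if=/dev/zero of="$1" bs=512 count=128 2>/dev/null
    dd if=/dev/zero bs=512 count=64 2>/dev/null | tr '\0' 'M' |
        dd of="$1" bs=512 seek=16 conv=notrunc 2>/dev/null
}

# Demo on the constructed image. On a real system SRC would be the raw
# partition holding the softraid volume (device name is site-specific).
tmp=$(mktemp -d) && make_test_image "$tmp/part.img" &&
    save_sr_meta "$tmp/part.img" "$tmp/sr-meta.bin" &&
    echo "saved $(wc -c < "$tmp/sr-meta.bin" | tr -d ' ') bytes"
rm -rf "$tmp"
```

As the quoted reply points out, the metadata will be marked dirty unless the softraid device is detached first or never attached, so take the copy in that state.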