From owner-freebsd-geom@FreeBSD.ORG Sun Jul 31 13:59:24 2005
From: Allan Fields
Date: Sun, 31 Jul 2005 09:59:19 -0400
To: Poul-Henning Kamp
Cc: Pawel Jakub Dawidek, freebsd-geom, freebsd-hackers, freebsd-security, Alexander Leidinger, "Ronnel P. Maglasang"
Subject: Kernel Source Divergence, Security (was: booting gbde-encrypted filesystem)

On Fri, Jul 29, 2005 at 01:52:40PM +0200, Poul-Henning Kamp wrote:
> In message <20050729134548.1cc28dr8gg0k4k0g@netchild.homeip.net>, Alexander Leidinger writes:
> >Pawel Jakub Dawidek wrote:
> >
> >> This is not not possible with current GBDE.
> >> I've patches which allows this here:
> >>
> >> http://people.freebsd.org/~pjd/patches/gbde.patch
> >
> >I fail to see how this allows an encrypted root-FS, it doesn't add gbde
> >support to boot0(ext) or to the loader. It needs access to an unencrypted
> >kernel. I don't think this is what Ronnel had in mind (overlooking the fact
> >that his suggestion to save the passphrase in the loader is insecure).
>
> There is a difference between loading the kernel from an encrypted volume
> (very hard!) and mounting the root filesystem from an encrypted volume
> (possible with pawels patch).
>
> Now of course, if your kernel has been trojaned, you're in trouble, but
> then again, most people just worry about their data if the machine gets
> stolen.

Yes, this is all very nice, but when is someone actually going to
commit it? ;)

I don't think it wise to have GBDE and GEOM subsystems which are
rather central to the system require too much fussing around with
patches, this makes the admin's job harder and makes us developers
look lazy (though I know it not to be the case for GEOM folks).
Can we decide on something and get it in the main kernel source tree?

Further forking the BSD kernel: (sarcasm implied)

Either that or can we fork GBDE (and other subsystems) into three
(up to inf.) different concurrent implementations and maintain
kernel build "knobs" to customize which version is compiled?

I'll admit I haven't submitted some of the hacks to GBDE I'd like
to see integrated into the tree, mostly to avoid these types of
issues, where I'd like to see certain features completely implemented
before I post patches. And then I have the concern: if I post
patches, will they ever get committed? Should I just wait for an
official implementation by core GEOM developers -- but even pjd
isn't committing some work, why not?

I don't like to get bogged down patching source manually, unless I
have to and I've even explored using a shell script to maintain
FreeBSD kernel source trees, which I still haven't posted on list.
But, who has time to polish a shell script up when you have $N
tasks? -- My latest life-wide TODO list (including some history
and various notes):
    3977 22204 148955 20050517

Further FYI: It's called srctag and is my attempt at
automating/unifying kernel source tree management. Again I'll
reference BSDCan 2004 slides, but this is rather vain absent my
posting the script. ;) The idea would be to reinforce/automate
checkout/build process from potentially heterogenous source code
collections (cvs,cvsup,perforce,rsync, nfs, patches, etc.) and
maintain a properly labelled/date-time stamped directory which
merges the collected source, patches, etc. ready for build/install.)
Potentially local modifications could be captured avoiding cvs
clumsiness. At one point I thought of using union mounts to combine
trees/capture changes, but can this just as easily be done using
standard diff/patch mechanisms?

Some of my gbde work is obviously still not finished, due to time
constraints. Though I don't intend to wait all-the-way for the gbde
"mega-patch" if I get around to finishing.

( I thought of holding off until I do something important enough
which really can't be rejected on specific small merits alone.. ;)
Though, I don't think this is the Open Source commit early/often
collaborative model. I'd rather not ram my code design choices into
a big ball of code, even if I think I'm doing the "right thing" so
I'll post on-list in hopes of getting feedback like I emailed phk
about gbde root implementation ideas. Still taste seems best. )

Another thing on my TODO list as discussed with mdod at BSDCan is
possibility of PAMifying gbde(8) and generally looking at kernel
side key store/management issues.
The idea of hardware integration / support was discussed and it
might be beneficial to find out some way to use generic hardware
in configuration as an affordable HSM w/ some degree of key
protection.

I've also now been tracking the ongoing work on Linux side with
interest to adoption. Both device level and vnode level solutions
are valid and of interest. There was a presentation on TCG (IBM
Trusted Computing hardware) including coverage of TPM, etc. On the
vnode level there is work toward an integrated solution (eCryptFS)
on the Linux side, I might have an interest in porting this to
FreeBSD and vice-versa for all applicable technologies.

One thing is clear, if I plan on proactively deploying GBDE in a
production environment or promoting its use, I'd like some assurance
I'll be able to count on coordinated development with timely response
to security or other patches. The current state of gbde bugs/PRs
is something I'd like to help get resolved if I select gbde for
wider adoption. People trying and failing to use GBDE is of concern
to me being interested in wider disk encryption use. In the past
I've tried to help on list, but I think time constraints would
prevent me from doing much specific support work unpaid.

Also, I have a number of "legacy" volumes, personally which use my
patch for password input which is different than pjd's solution so
I have to build a different gbde(8) binary each time I rebuild world
on that machine.

I've noted that perforce might further the divide. I recognize it's
meant as an experimental code base and it's great if people make
something work in their kernel tree, but if it takes too long to
merge back into CVS (especially when it is requested/working feature)
then that can be prohibitive.

I don't fully grok perforce yet, it's time consuming learning all
these systems. What ever happened to plain old CVS? (lacking as it
can be construed..) Can't developers settle on one source management
tool (per project at least)?

I attended a presentation at Desktop Developers' Con. 2005 here in
Ottawa where this issue was discussed wrt Open Source desktop
developers.

IMO, this issue of source management lacking central coordination
can only hobble the best intentions of Open Source authors. How
many systems do we have now? 10,11,12 and you (source maintainers)
expect me to install and use _all_ of these in addition to keeping
track of regular patches if I want to contribute or use most recent
source tree from the projects? (Note this is not a FreeBSD specific
problem and FreeBSD isn't _that_ bad off.) I note that KDE is now
on svn and Linux is moving off bk to mercurial (or is it git)? I
heard supposedly bk stopped working for people due to some commercial
decisions made?

So, on the one hand I advocate better source management tools; but
as a user, I note these source management issues are general
impediments to my progress and could also slow down developers/stifle
contribution.

> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.

--
Allan Fields (afields) - Ottawa, Canada (45"10'N 75"56'W)
Himeji Systems http://himejisystems.com
Afields Research/AFRSL http://afields.ca
2D4F 6806 D307 0889 6125 C31D F745 0D72 39B4 5541

From owner-freebsd-geom@FreeBSD.ORG Sun Jul 31 14:07:30 2005
From: "Poul-Henning Kamp"
Date: Sun, 31 Jul 2005 16:07:27 +0200
To: Allan Fields
Cc: Pawel Jakub Dawidek, freebsd-geom, freebsd-hackers, freebsd-security, Alexander Leidinger, "Ronnel P. Maglasang"
Subject: Re: Kernel Source Divergence, Security (was: booting gbde-encrypted filesystem)

In message <20050731135919.GA43753@afields.ca>, Allan Fields writes:

>Yes, this is all very nice, but when is someone actually going to
>commit it? ;)

I'm (as always) short of time, and GBDE is not the top priority
for me for the time being.

So I am more than happy to see people band together and improve
gbde.

The main work necessary is to polish the userland program and that
is relatively trivial programming, so anyone should be able to pick
that up: just go for it.

Giving gbde a taste function so that the root filesystem can be
protected by GBDE, this is also OK by me in principle, but I'd like
to review the patch before it gets committed because there are a
large number of dragons.

In P4:phk_gbde there is the beginning of hw-crypto support through
opencrypto(9), if somebody wants to work on that, get in touch with
me.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-geom@FreeBSD.ORG Sun Jul 31 15:08:48 2005
From: Pawel Jakub Dawidek
Date: Sun, 31 Jul 2005 17:08:45 +0200
To: Poul-Henning Kamp
Cc: freebsd-geom, freebsd-hackers, freebsd-security, Allan Fields, Alexander Leidinger, "Ronnel P. Maglasang"
Subject: Re: Kernel Source Divergence, Security (was: booting gbde-encrypted filesystem)

On Sun, Jul 31, 2005 at 04:07:27PM +0200, Poul-Henning Kamp wrote:
+> In message <20050731135919.GA43753@afields.ca>, Allan Fields writes:
+>
+> >Yes, this is all very nice, but when is someone actually going to
+> >commit it? ;)
+>
+> I'm (as always) short of time, and GBDE is not the top priority
+> for me for the time being.
+>
+> So I am more than happy to see people band together and improve
+> gbde.
+>
+> The main work necessary is to polish the userland program and that
+> is relatively trivial programming, so anyone should be able to pick
+> that up: just go for it.
+>
+> Giving gbde a taste function so that the root filesystem can be
+> protected by GBDE, this is also OK by me in principle, but I'd like
+> to review the patch before it gets committed because there are a
+> large number of dragons.
+>
+> In P4:phk_gbde there is the beginning of hw-crypto support through
+> opencrypto(9), if somebody wants to work on that, get in touch with
+> me.

I'm starting to wonder if we couldn't create one storage-crypto-base
and rewrite gbde, geli on top of it.

geli(8) is complete, ie. you can use any command on attached and
detached providers, you can backup your metadata, protect your
passphrase with PKCS#5v2, use files as a key part, etc.
gbde(8) (userland tool) is not finished (all those things I've in
geli already are on its todo list).

I've plan for another crypto-storage class, which will provide
privacy and integrity verification (the very thing we are missing
now). I want another class, because it will be slower than geli in
both crypto-time and disk-access-time aspects. Another possibility
is to integrate two classes and allow user to decide if he wants
privacy, integrity verification or both.

If someone can spend time on integrating gbde crypto scheme into
geli where userland part is complete, where crypto(9) is used
already, etc. that'd be cool.

The truth is, that the main difference between gbde/geli is how
crypto is used on disk, the other elements (managing keys, protecting
passphrases, metadata backups, encrypted root partition, etc.) are
or could be the same.

--
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

From owner-freebsd-geom@FreeBSD.ORG Sun Jul 31 15:11:22 2005
From: "Poul-Henning Kamp"
Date: Sun, 31 Jul 2005 17:11:16 +0200
To: Pawel Jakub Dawidek
Cc: freebsd-geom, freebsd-hackers, freebsd-security, Allan Fields, Alexander Leidinger, "Ronnel P. Maglasang"
Subject: Re: Kernel Source Divergence, Security (was: booting gbde-encrypted filesystem)

In message <20050731150845.GJ636@darkness.comp.waw.pl>, Pawel Jakub Dawidek writes:

>I'm starting to wonder if we couldn't create one storage-crypto-base
>and rewrite gbde, geli on top of it.

Could be, it all depends how much you actually gain from generalizing
common code.

Best way to find out is to try :-)

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-geom@FreeBSD.ORG Sun Jul 31 19:01:13 2005
From: Soeren Straarup
Date: Sun, 31 Jul 2005 20:59:25 +0200 (CEST)
To: freebsd-geom@freebsd.org
Subject: geomgui graphical view of te geom layer

Hi

I'm writing on a graphical viewer of the geom layer.
Is that something that someone out there would use?

\Søren

Soeren Straarup   | aka OZ2DAK aka Xride
FreeBSD wannabe   | FreeBSD since 2.2.6-R
   'We wanted to believe. But the tools
    had been taken away..'  Mulder

From owner-freebsd-geom@FreeBSD.ORG Mon Aug 1 07:50:33 2005
From: Pawel Jakub Dawidek
Date: Mon, 1 Aug 2005 07:46:49 +0200
To: Rex Roof
Cc: freebsd-geom@freebsd.org
Subject: Re: errors with gstripe of gmirror configuration

On Fri, Jul 29, 2005 at 11:27:44AM -0400, Rex Roof wrote:
+> these are the errors I've been getting:
+>
+> ad16: FAILURE - out of memory in start
+> ad12: FAILURE - out of memory in start
+> ad12: FAILURE - out of memory in start
+> ad8: FAILURE - out of memory in start
+> ad12: FAILURE - out of memory in start
+> ad12: FAILURE - out of memory in start
+> ad16: FAILURE - out of memory in start
+> ad4: FAILURE - out of memory in start
+> ad12: FAILURE - out of memory in start
+> ad4: FAILURE - out of memory in start
+> ufs_rename: fvp == tvp (can't happen)
+> ufs_rename: fvp == tvp (can't happen)
+> ufs_rename: fvp == tvp (can't happen)
+> ufs_rename: fvp == tvp (can't happen)
+> ufs_rename: fvp == tvp (can't happen)
+> ufs_rename: fvp == tvp (can't happen)
+> ufs_rename: fvp == tvp (can't happen)
+> ufs_rename: fvp == tvp (can't happen)
+> ufs_rename: fvp == tvp (can't happen)
+> ufs_rename: fvp == tvp (can't happen)
+> ufs_rename: fvp == tvp (can't happen)
+> ufs_rename: fvp == tvp (can't happen)
+> ufs_rename: fvp == tvp (can't happen)
+> ufs_rename: fvp == tvp (can't happen)
+> ufs_rename: fvp == tvp (can't happen)
+> ad6: FAILURE - out of memory in start

Looks like the problem (not related to gstripe/gmirror) recently
reported by julian@. I'm afraid best you can do is to wait for a
patch.

--
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

From owner-freebsd-geom@FreeBSD.ORG Mon Aug 1 11:01:55 2005
From: FreeBSD bugmaster
Date: Mon, 1 Aug 2005 11:01:54 GMT
To: freebsd-geom@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports
Critical problems
Serious problems
Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2005/02/26] bin/78131   geom   gbde "destroy" not working.
o [2005/03/26] kern/79251  geom   [2TB] newfs fails on 2.6TB gbde device

2 problems total.

From owner-freebsd-geom@FreeBSD.ORG Mon Aug 1 15:33:38 2005
From: Allan Fields
Date: Mon, 1 Aug 2005 11:33:36 -0400
To: Soeren Straarup
Cc: freebsd-geom@freebsd.org
Subject: Re: geomgui graphical view of te geom layer

On Sun, Jul 31, 2005 at 08:59:25PM +0200, Soeren Straarup wrote:
>
> Hi
>
> I'm writing on a graphical viewer of the geom layer.
> Is that something that someone out there would use?

YES.

I look forward to this. What language/gui toolkit?

>
> \Søren
>
> Soeren Straarup   | aka OZ2DAK aka Xride
> FreeBSD wannabe   | FreeBSD since 2.2.6-R
>    'We wanted to believe. But the tools
>     had been taken away..'  Mulder

Thanks,
--
Allan Fields

From owner-freebsd-geom@FreeBSD.ORG Mon Aug 1 20:15:56 2005
From: Soeren Straarup
Date: Mon, 1 Aug 2005 22:14:06 +0200 (CEST)
To: Allan Fields
Cc: freebsd-geom@freebsd.org
Subject: Re: geomgui graphical view of te geom layer

On Mon, 1 Aug 2005, Allan Fields wrote:

> On Sun, Jul 31, 2005 at 08:59:25PM +0200, Soeren Straarup wrote:
>>
>> Hi
>>
>> I'm writing on a graphical viewer of the geom layer.
>> Is that something that someone out there would use?
>
> YES.
>
> I look forward to this. What language/gui toolkit?

http://xride.dk/pub/geomgui-port-0.3.tar.gz

That is an alpha port of geomgui.
It reads xml in via sysctl and then parses it through geom_xml2tree,
then a mud of geom_xml2tree and the dot creator from the kernel.

I still need to update the program to use sbufs..
It is pretty unsafely programmed atm, but again it can be run as
a normal user.

>
>>
>> \Søren
>>
>> Soeren Straarup   | aka OZ2DAK aka Xride
>> FreeBSD wannabe   | FreeBSD since 2.2.6-R
>>    'We wanted to believe. But the tools
>>     had been taken away..'  Mulder
>
>
> Thanks,
> --
> Allan Fields
>

\Søren

Soeren Straarup   | aka OZ2DAK aka Xride
FreeBSD wannabe   | FreeBSD since 2.2.6-R
   'We wanted to believe. But the tools
    had been taken away..'  Mulder

From owner-freebsd-geom@FreeBSD.ORG Tue Aug 2 02:22:51 2005
From: "Ronnel P. Maglasang"
Date: Tue, 02 Aug 2005 10:30:22 +0800
To: Alexander Leidinger
Cc: freebsd-hackers, Pawel Jakub Dawidek, freebsd-geom
Subject: Re: booting gbde-encrypted filesystem

What I had in mind is perhaps I could find a way to
enter the passphrase at the loader prompt, or configure
the loader to get the passphrase from an external
device or hardcoded the passphrase in the bootloader(really
insecure).
Alexander Leidinger wrote:

> Pawel Jakub Dawidek wrote:
>
>> This is not possible with current GBDE.
>> I've patches which allow this here:
>>
>> http://people.freebsd.org/~pjd/patches/gbde.patch
>
>
> I fail to see how this allows an encrypted root-FS, it doesn't add gbde
> support to boot0(ext) or to the loader. It needs access to an unencrypted
> kernel. I don't think this is what Ronnel had in mind (overlooking the fact
> that his suggestion to save the passphrase in the loader is insecure).
>
> Bye,
> Alexander.
>

From owner-freebsd-geom@FreeBSD.ORG Tue Aug 2 19:11:25 2005
Date: Tue, 2 Aug 2005 15:11:23 -0400
From: Allan Fields
To: "Ronnel P.
Maglasang"
Message-ID: <20050802191123.GC230@afields.ca>
References: <42E9BC12.2050401@infoweapons.com> <20050729065357.GA617@darkness.comp.waw.pl> <20050729134548.1cc28dr8gg0k4k0g@netchild.homeip.net> <42EEDABE.7080402@infoweapons.com>
In-Reply-To: <42EEDABE.7080402@infoweapons.com>
Cc: Alexander Leidinger, freebsd-geom, Pawel Jakub Dawidek, freebsd-hackers
Subject: Re: booting gbde-encrypted filesystem

On Tue, Aug 02, 2005 at 10:30:22AM +0800, Ronnel P. Maglasang wrote:
> What I had in mind is perhaps I could find a way to
> enter the passphrase at the loader prompt, or configure
> the loader to get the passphrase from an external
> device or hardcode the passphrase in the bootloader (really
> insecure).

I understand your model which is to have something required to ensure
the disks cannot be read w/o physical token. Theoretically the loader
could allow you to fetch some memory address and insert it into a
boot variable. If you just want to ensure a token is required to
enable access to a machine you could add something in the root-FS
patch which reads directly from the hardware device, though this
is before the full device infrastructure is bootstrapped IIRC.

What about the idea of adding support for HSM and TPMs? Hardware
keystores and other similar authentication mechanisms which push a
key into a secure memory accessible by the crypto API might be the
answer.

I am looking at similar solutions. My idea is to enable remote
authentication through a secure means. So there are multiple options
to secure console access:

 * Some IPMI hardware has an ethernet accessible console, that can
   then be routed through a secure tunnel.
 * There is the idea of ethercons if it can be extended to support
   encryption.
 * A serial console can be accessed through another machine securely

This one has been around since a few years back, but the below patch
brings it closer to being workable.

> Alexander Leidinger wrote:
>
> >Pawel Jakub Dawidek wrote:
> >
> >>This is not possible with current GBDE.
> >>I've patches which allow this here:
> >>
> >> http://people.freebsd.org/~pjd/patches/gbde.patch
> >
> >
> >I fail to see how this allows an encrypted root-FS, it doesn't add gbde
> >support to boot0(ext) or to the loader. It needs access to an unencrypted
> >kernel. I don't think this is what Ronnel had in mind (overlooking the fact
> >that his suggestion to save the passphrase in the loader is insecure).

An unencrypted kernel can be read off of another device and then
used to mount the encrypted root.

> >Bye,
> >Alexander.
> >

--
Allan Fields (afields) - Ottawa, Canada (45"10'N 75"56'W)
Himeji Systems http://himejisystems.com
Afields Research/AFRSL http://afields.ca

From owner-freebsd-geom@FreeBSD.ORG Tue Aug 2 20:56:08 2005
Date: Tue, 2 Aug 2005 22:54:15 +0200 (CEST)
From: Soeren Straarup
To: Allan Fields
In-Reply-To: <20050801221046.E56193@x12.dk>
Message-ID: <20050802225342.P56193@x12.dk>
References: <20050731180839.X30022@x12.dk>
<20050801153336.GC43753@afields.ca> <20050801221046.E56193@x12.dk>
Cc: freebsd-geom@freebsd.org
Subject: Re: geomgui graphical view of the geom layer

On Mon, 1 Aug 2005, Soeren Straarup wrote:

> On Mon, 1 Aug 2005, Allan Fields wrote:
>
>> On Sun, Jul 31, 2005 at 08:59:25PM +0200, Soeren Straarup wrote:
>>>
>>> Hi
>>>
>>> I'm writing on a graphical viewer of the geom layer.
>>> Is that something that someone out there would use?
>>
>> YES.
>>
>> I look forward to this. What language/gui toolkit?
>
> http://xride.dk/pub/geomgui-port-0.3.tar.gz

New version.. old one wasn't that good.
http://xride.dk/pub/geomgui-port-0.4.tar.gz

> That is an alpha port of geomgui. it reads xml in via sysctl and then
> parses it through geom_xml2tree then a mud of geom_xml2tree and the dot
> creator from the kernel.
> I still need to update the program to use sbufs.. it is pretty unsafely
> programmed atm. but again it can be run as a normal user.
>
>>
>>>
>>> \Søren
>>>
>>> Soeren Straarup | aka OZ2DAK aka Xride
>>> FreeBSD wannabe | FreeBSD since 2.2.6-R
>>> 'We wanted to believe. But the tools
>>> had been taken away..'
Mulder
>>
>>
>> Thanks,
>> --
>> Allan Fields
>>
>
> \Søren
>
> Soeren Straarup | aka OZ2DAK aka Xride
> FreeBSD wannabe | FreeBSD since 2.2.6-R
> 'We wanted to believe. But the tools
> had been taken away..' Mulder

Soeren Straarup | aka OZ2DAK aka Xride
FreeBSD wannabe | FreeBSD since 2.2.6-R
'We wanted to believe. But the tools
had been taken away..' Mulder

From owner-freebsd-geom@FreeBSD.ORG Wed Aug 3 01:25:15 2005
Date: Tue, 2 Aug 2005 21:25:15 -0400
From: James Snow
To: freebsd-geom@freebsd.org
Message-ID: <20050803012515.GA1227@teardrop.org>
Subject: gmirror on boot device after upgrade from 5.4 to 6.0?

I have a 5.4-S machine on which I'd been running gmirror for some time
without issue. After updating to 6.0, I'm not able to boot properly at
all. Panics here and there depending on what I do trying to boot.

I'm skipping on detail for the time being because I just want to know:
Is there something I was supposed to do when updating the kernel for
geom_mirror to continue to be bootable?

-Snow

From owner-freebsd-geom@FreeBSD.ORG Wed Aug 3 05:59:23 2005
Date: Wed, 3 Aug 2005 07:58:47 +0200
From: Pawel Jakub Dawidek
To: James Snow
Message-ID: <20050803055847.GD59370@garage.freebsd.pl>
References: <20050803012515.GA1227@teardrop.org>
In-Reply-To: <20050803012515.GA1227@teardrop.org>
Cc: freebsd-geom@freebsd.org
Subject: Re: gmirror on boot device after upgrade from 5.4 to 6.0?

On Tue, Aug 02, 2005 at 09:25:15PM -0400, James Snow wrote:
+> I have a 5.4-S machine on which I'd been running gmirror for some time
+> without issue. After updating to 6.0, I'm not able to boot properly at
+> all. Panics here and there depending on what I do trying to boot.
+>
+> I'm skipping on detail for the time being because I just want to know:
+> Is there something I was supposed to do when updating the kernel for
+> geom_mirror to continue to be bootable?

I'm not aware of any issues. The main difference is root_mount KPI used
to hold boot process, but it works well for me.
Please, provide more details asap, so I can work on issues before 6.0.

Thanks.

--
Pawel Jakub Dawidek http://www.wheel.pl
pjd@FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!

From owner-freebsd-geom@FreeBSD.ORG Wed Aug 3 15:46:26 2005
Date: Wed, 3 Aug 2005 11:46:30 -0400
From: James Snow
To: Pawel Jakub Dawidek
Message-ID: <20050803154630.GD9486@teardrop.org>
References: <20050803012515.GA1227@teardrop.org> <20050803055847.GD59370@garage.freebsd.pl>
In-Reply-To: <20050803055847.GD59370@garage.freebsd.pl>
Cc: freebsd-geom@freebsd.org
Subject: Re: gmirror on boot device after upgrade from 5.4 to 6.0?

On Wed, Aug 03, 2005 at 07:58:47AM +0200, Pawel Jakub Dawidek wrote:
>
> I'm not aware of any issues. The main difference is root_mount KPI used
> to hold boot process, but it works well for me.
> Please, provide more details asap, so I can work on issues before 6.0.

Well, my 6.x sources on this machine are about a month old. (Long
story.) Also, I got it to boot from gmirror again through some strange
path that involved booting off of the components of the gmirror devices
a couple of times, panicking a few more times, and finally resyncing the
primary drive in the pair.

It seems to be working fine now and I'm updating the machine to
6.0-BETA1. Let's attribute this one to PEBCAK for the time being. I'll
let you know if I have any further trouble.

-Snow

From owner-freebsd-geom@FreeBSD.ORG Thu Aug 4 08:53:48 2005
Date: Thu, 4 Aug 2005 04:53:57 -0400
From: James Snow
To: Pawel Jakub Dawidek
Message-ID: <20050804085357.GA18756@teardrop.org>
References: <20050803012515.GA1227@teardrop.org> <20050803055847.GD59370@garage.freebsd.pl>
In-Reply-To: <20050803055847.GD59370@garage.freebsd.pl>
Cc: freebsd-geom@freebsd.org
Subject: Re: gmirror on boot device after upgrade from 5.4 to 6.0?

On Wed, Aug 03, 2005 at 07:58:47AM +0200, Pawel Jakub Dawidek wrote:
>
> Please, provide more details asap, so I can work on issues before 6.0.

Pawel,

Once I rebuilt from whatever 6-CURRENT I was running to 6.0-BETA2 my
troubles appeared to go away. I guess I was bumping into an old and
already fixed bug. Sorry for the false alarm.

By the way, gmirror behaved quite nicely through this. I was able to
boot from one of the providers with gmirror disabled, load gmirror,
deactivate the other provider, build an up-to-date kernel and install
it, and then reboot onto the gmirror device, reactivate the second
provider and have it start syncing back up.

Thanks for your work on gmirror.

-Snow

From owner-freebsd-geom@FreeBSD.ORG Sat Aug 6 00:54:04 2005
Date: Fri, 5 Aug 2005 20:54:01 -0400
From: Nick Evans
To: freebsd-geom@freebsd.org
Message-ID: <20050805205401.204c817f@speedstar>
In-Reply-To: <10601.1122818847@phk.freebsd.dk>
References:
<20050731135919.GA43753@afields.ca> <10601.1122818847@phk.freebsd.dk>
Subject: Re: Kernel Source Divergence, Security (was: booting gbde-encrypted filesystem)

On Sun, 31 Jul 2005 16:07:27 +0200
"Poul-Henning Kamp" wrote:

> In message <20050731135919.GA43753@afields.ca>, Allan Fields writes:
>
> >Yes, this is all very nice, but when is someone actually going to
> >commit it? ;)
>
> I'm (as always) short of time, and GBDE is not the top priority
> for me for the time being.
>
> So I am more than happy to see people band together and improve
> gbde.
>
> The main work necessary is to polish the userland program and that
> is relatively trivial programming, so anyone should be able to pick
> that up: just go for it.
>
> Giving gbde a taste function so that the root filesystem can be
> protected by GBDE, this is also OK by me in principle, but I'd like
> to review the patch before it gets committed because there are a
> large number of dragons.
>
> In P4:phk_gbde there is the beginning of hw-crypto support through
> opencrypto(9), if somebody wants to work on that, get in touch with
> me.
>
> --
> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG | TCP/IP since RFC 956
> FreeBSD committer | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by
> incompetence.

I can do testing on the hardware crypto backed gbde stuff if anyone
needs it. I've got a few Soekris boards I've been waiting to try out
with gbde.

Nick