From owner-freebsd-geom@FreeBSD.ORG Mon May 25 11:06:52 2009 Return-Path: Delivered-To: freebsd-geom@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5E6631065674 for ; Mon, 25 May 2009 11:06:52 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 4AA3C8FC0A for ; Mon, 25 May 2009 11:06:52 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4PB6qtU092798 for ; Mon, 25 May 2009 11:06:52 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4PB6p1A092794 for freebsd-geom@FreeBSD.org; Mon, 25 May 2009 11:06:51 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 25 May 2009 11:06:51 GMT Message-Id: <200905251106.n4PB6p1A092794@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-geom@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-geom@FreeBSD.org X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 May 2009 11:06:52 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/134113 geom [geli] Problem setting secondary GELI key o kern/134044 geom [geom] gmirror(8) overwrites fs with stale data from r o kern/133931 geom [geli] [request] intentionally wrong password to destr o bin/132845 geom [geom] [patch] ggated(8) does not close files opened a o kern/132273 geom glabel(8): [patch] failing on journaled partition o kern/132242 geom [gmirror] gmirror.ko fails to fully initialize o kern/131353 geom [geom] gjournal(8) kernel lock o kern/131037 geom [geli] Unable to create disklabel on .eli-Device o kern/130528 geom gjournal fsck during boot o kern/129674 geom [geom] gjournal root did not mount on boot o kern/129645 geom gjournal(8): GEOM_JOURNAL causes system to fail to boo o kern/129245 geom [geom] gcache is more suitable for suffix based provid o bin/128398 geom [patch] glabel(8): teach geom_label to recognise gpt l f kern/128276 geom [gmirror] machine lock up when gmirror module is used o kern/126902 geom [geom] geom_label: kernel panic during install boot o kern/124973 geom [gjournal] [patch] boot order affects geom_journal con o kern/124969 geom gvinum(8): gvinum raid5 plex does not detect missing s o kern/124294 geom [geom] gmirror(8) have inappropriate logic when workin o kern/124130 geom [gmirror] [usb] gmirror fails to start usb devices tha o kern/123962 geom [panic] [gjournal] gjournal (455Gb data, 8Gb journal), o kern/123630 geom [patch] [gmirror] gmirror doesnt allow the original dr o kern/123122 geom [geom] GEOM / gjournal kernel lock f kern/122415 geom [geom] UFS labels are being constantly created and rem o kern/122067 geom [geom] [panic] Geom crashed during boot o kern/121559 geom [patch] [geom] geom label class allows to create inacc o kern/121364 geom [gmirror] Removing all providers create a "zombie" mir o kern/120231 geom [geom] GEOM_CONCAT error adding second drive o kern/120044 geom [msdosfs] [geom] incorrect MSDOSFS label fries adminis o kern/120021 geom [geom] [panic] net-p2p/qbittorrent crashes system when o kern/119743 geom [geom] geom label for cds is keeped after dismount and o kern/115547 geom [geom] [patch] [request] let GEOM Eli get password fro o kern/114532 geom [geom] GEOM_MIRROR shows up in kldstat even if compile o kern/113957 geom [gmirror] gmirror is intermittently reporting a degrad o kern/113837 geom [geom] unable to access 1024 sector size storage o kern/113419 geom [geom] geom fox multipathing not failing back p bin/110705 geom gmirror(8) control utility does not exit with correct o kern/107707 geom [geom] [patch] [request] add new class geom_xbox360 to o kern/104389 geom [geom] [patch] sys/geom/geom_dump.c doesn't encode XML o kern/98034 geom [geom] dereference of NULL pointer in acd_geom_detach o kern/94632 geom [geom] Kernel output resets input while GELI asks for o kern/90582 geom [geom] [panic] Restore cause panic string (ffs_blkfree o bin/90093 geom fdisk(8) incapable of altering in-core geometry a kern/89660 geom [vinum] [patch] [panic] due to g_malloc returning null o kern/89546 geom [geom] GEOM error s kern/89102 geom [geom] [panic] panic when forced unmount FS from unplu o kern/87544 geom [gbde] mmaping large files on a gbde filesystem deadlo o kern/84556 geom [geom] [panic] GBDE-encrypted swap causes panic at shu o kern/79251 geom [2TB] newfs fails on 2.6TB gbde device o kern/79035 geom [vinum] gvinum unable to create a striped set of mirro o bin/78131 geom gbde(8) "destroy" not working. s kern/73177 geom kldload geom_* causes panic due to memory exhaustion 51 problems total. From owner-freebsd-geom@FreeBSD.ORG Tue May 26 08:57:27 2009 Return-Path: Delivered-To: freebsd-geom@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5C5D7106566C; Tue, 26 May 2009 08:57:27 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 319488FC0C; Tue, 26 May 2009 08:57:27 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (gavin@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4Q8vQ2G085836; Tue, 26 May 2009 08:57:26 GMT (envelope-from gavin@freefall.freebsd.org) Received: (from gavin@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4Q8vQla085832; Tue, 26 May 2009 08:57:26 GMT (envelope-from gavin) Date: Tue, 26 May 2009 08:57:26 GMT Message-Id: <200905260857.n4Q8vQla085832@freefall.freebsd.org> To: gavin@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-geom@FreeBSD.org From: gavin@FreeBSD.org Cc: Subject: Re: kern/134922: kernel panic when use fdisk on disk who been removed from gmirror X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 May 2009 08:57:27 -0000 Synopsis: kernel panic when use fdisk on disk who been removed from gmirror Responsible-Changed-From-To: freebsd-bugs->freebsd-geom Responsible-Changed-By: gavin Responsible-Changed-When: Tue May 26 08:56:32 UTC 2009 Responsible-Changed-Why: ver to maintainer(s) http://www.freebsd.org/cgi/query-pr.cgi?pr=134922 From owner-freebsd-geom@FreeBSD.ORG Wed May 27 00:04:47 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 716F51065672 for ; Wed, 27 May 2009 00:04:47 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: from yw-out-2324.google.com (yw-out-2324.google.com [74.125.46.29]) by mx1.freebsd.org (Postfix) with ESMTP id 2AA708FC14 for ; Wed, 27 May 2009 00:04:46 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: by yw-out-2324.google.com with SMTP id 9so2352860ywe.13 for ; Tue, 26 May 2009 17:04:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=p/TOQoU37LT8xEHDBjnNWJdz2Po9/2Yxk5H+MzK1VlI=; b=mXerzt8iJjFY2cxKVSlrikgD2YC4ijr5g85FIMBb0j+V1VDgE0sh/HnaL9ri2jEHVg gw/qgv1XT8TflGPIR1tkk9ZBIWJq6aMFsR0MTXmxtKUR2XBScGffI0bzHGS347O5KzAA RIvfKq/XrUZkHxB723nu8hyxYa+futP9fRgK0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=v+PoM8jxRiYeiE7GePGy1XSLgEoJIZJSQ5lLo9GI2QQIQXSEy4hws2SJAJP4O1z7oY 6ksLzngYjTjxIe4KwZe1l6x/D9UgeE965rOujR4//1hjyP4YmTV/KEX0GuRDzXNSAaIm DcTfcRH99NUgTqCzh1pNEq+KDr5ijg3IPUtHI= MIME-Version: 1.0 Received: by 10.100.242.11 with SMTP id p11mr11631480anh.113.1243381028711; Tue, 26 May 2009 16:37:08 -0700 (PDT) Date: Wed, 27 May 2009 02:37:08 +0300 Message-ID: From: Dan Naumov To: freebsd-geom@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: GELI encryption - CPU requirements? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 00:04:47 -0000 Hello (World). I am in the process of building a new system for a home NAS/webserver use and the hardware is basically this: Intel Atom 330 (1,6 Ghz, dualcore), a motherboard based on Intel D945GCLF2, 2 GB RAM. Silicon Image SIL3124 4xSATA RAID card (intended to be used in JBOD mode) 1 x 1.5 TB Western Digital Caviar Green (will get more as the need arises) A pic of the system, for the curious: http://tranquilpc.files.wordpress.com/2009/03/bbs2-pure-and-simple-storage.jpg?w=500&h=360 I have been looking into encrypting most of the system with GELI using the default 256bit AES, how big of a performance hit should I expect on this CPU? I know there is no way of giving any exact estimations without actual measurements on the given set of hardware, but either way, assuming long sequential reads or writes off a single SATA disk, what would you expect your CPU usage to be like and whats the actual read/write performance hit is likely to be? I tried googling for some "with and without GELI encryption" kind of benchmarks, but unfortunately couldn't find any. Thank you. Dan Naumov From owner-freebsd-geom@FreeBSD.ORG Wed May 27 01:33:56 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BE02B106564A for ; Wed, 27 May 2009 01:33:56 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ew0-f164.google.com (mail-ew0-f164.google.com [209.85.219.164]) by mx1.freebsd.org (Postfix) with ESMTP id 496DA8FC14 for ; Wed, 27 May 2009 01:33:55 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: by ewy8 with SMTP id 8so747147ewy.43 for ; Tue, 26 May 2009 18:33:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:x-mailer:mime-version :content-type:content-transfer-encoding; bh=CcTrJFPZrutzRhElck5Je3/SJq26g9X3Yzi1+sGibfE=; b=H+PUS4qB+2B5bYJxwOksd3nJQjoWKFkujqHMBOwV/C5MZmyHOndjwPhoxEy7v3Qa62 DcpZqCU3WchB5p3SZEmJR4bBMd6cgoIoAkoKoMZS+ii5xIjeLDJBn/yq4yIHWPPtn7NR BnxZzrVgJFjxk235hPlqKG+6OPUqJKk9zVzrA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; b=u4AQSGA1EDblZVu7ZOkp7c5DTanpAvb58R7xlvHHhsaGUSbujXmTxI5oRKWlOTyAkL 7Y6Q1CjkYLQakiibW728gP0O6Oxvvnxnz2VAAKK6/Bx9GWLplYgbbQWbWNfY7uzedRYF ozz68rpuLELrzAONRE6EP+quf+cBNyuA3E5iE= Received: by 10.210.92.8 with SMTP id p8mr959325ebb.4.1243386038386; Tue, 26 May 2009 18:00:38 -0700 (PDT) Received: from gumby.homeunix.com (bb-87-81-140-128.ukonline.co.uk [87.81.140.128]) by mx.google.com with ESMTPS id 28sm2901756eyg.14.2009.05.26.18.00.37 (version=SSLv3 cipher=RC4-MD5); Tue, 26 May 2009 18:00:37 -0700 (PDT) Date: Wed, 27 May 2009 02:00:34 +0100 From: RW To: freebsd-geom@freebsd.org Message-ID: <20090527020034.1087a542@gumby.homeunix.com> In-Reply-To: References: X-Mailer: Claws Mail 3.7.1 (GTK+ 2.16.1; i386-portbld-freebsd7.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: GELI encryption - CPU requirements? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 01:33:57 -0000 On Wed, 27 May 2009 02:37:08 +0300 Dan Naumov wrote: > Hello (World). > > I am in the process of building a new system for a home NAS/webserver > use and the hardware is basically this: > > Intel Atom 330 (1,6 Ghz, dualcore), a motherboard based on Intel > D945GCLF2, 2 GB RAM. > Silicon Image SIL3124 4xSATA RAID card (intended to be used in JBOD > mode) 1 x 1.5 TB Western Digital Caviar Green (will get more as the > need arises) > > I have been looking into encrypting most of the system with GELI using > the default 256bit AES, how big of a performance hit should I expect > on this CPU? Probably quite significant for some disk operations. I have a 4 year old 2.8 GHz single-core amd64 running i386 and I see ~100% cpu utilization when copying large files between two geli partitions. If you haven't already bought it you might want to look at cpus with AES hardware acceleration. From owner-freebsd-geom@FreeBSD.ORG Wed May 27 09:33:50 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BD63A106564A for ; Wed, 27 May 2009 09:33:49 +0000 (UTC) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id 47A5F8FC18 for ; Wed, 27 May 2009 09:33:48 +0000 (UTC) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1M9FW5-00062j-Cd for freebsd-geom@freebsd.org; Wed, 27 May 2009 09:33:45 +0000 Received: from lara.cc.fer.hr ([161.53.72.113]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 27 May 2009 09:33:45 +0000 Received: from ivoras by lara.cc.fer.hr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 27 May 2009 09:33:45 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-geom@freebsd.org From: Ivan Voras Date: Wed, 27 May 2009 11:33:36 +0200 Lines: 61 Message-ID: References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig9F38BA1E16E44323EC6EBA69" X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: lara.cc.fer.hr User-Agent: Thunderbird 2.0.0.21 (X11/20090409) In-Reply-To: X-Enigmail-Version: 0.95.7 Sender: news Subject: Re: GELI encryption - CPU requirements? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 09:33:50 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig9F38BA1E16E44323EC6EBA69 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Dan Naumov wrote: > Hello (World). >=20 > I am in the process of building a new system for a home NAS/webserver > use and the hardware is basically this: >=20 > Intel Atom 330 (1,6 Ghz, dualcore), a motherboard based on Intel > D945GCLF2, 2 GB RAM. > Silicon Image SIL3124 4xSATA RAID card (intended to be used in JBOD mod= e) > 1 x 1.5 TB Western Digital Caviar Green (will get more as the need aris= es) >=20 > A pic of the system, for the curious: > http://tranquilpc.files.wordpress.com/2009/03/bbs2-pure-and-simple-stor= age.jpg?w=3D500&h=3D360 >=20 > I have been looking into encrypting most of the system with GELI using > the default 256bit AES, how big of a performance hit should I expect > on this CPU?=20 If you have an Atom machine you can simply check - issue an "openssl speed aes" command and check the results. For comparison, Xeon 5405 (2 GHz) gives: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 89558.04k 101934.80k 104123.42k 102857.83k 103801.84k aes-192 cbc 84368.49k 89821.97k 91069.49k 90385.70k 91112.45k aes-256 cbc 75515.15k 80486.21k 81367.19k 80650.02k 81554.34k I.e. with AES-256 and blocks of data of 1024 bytes, I get 80 MB/s. Except if you're really paranoid, you might want to relax your security requirements and use aes-128 without essentially reducing your practical security. --------------enig9F38BA1E16E44323EC6EBA69 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkodCPcACgkQldnAQVacBcjEOACeP5RkioDhMRmy3V4iOwdvtC0d /zgAn1UkEhpLw4Oj8SENFDg3B3KhP2f2 =inDT -----END PGP SIGNATURE----- --------------enig9F38BA1E16E44323EC6EBA69-- From owner-freebsd-geom@FreeBSD.ORG Wed May 27 11:03:07 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A69F41065673 for ; Wed, 27 May 2009 11:03:07 +0000 (UTC) (envelope-from ac@belngo.info) Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.27]) by mx1.freebsd.org (Postfix) with ESMTP id 464768FC22 for ; Wed, 27 May 2009 11:03:07 +0000 (UTC) (envelope-from ac@belngo.info) Received: by ey-out-2122.google.com with SMTP id 9so936565eyd.7 for ; Wed, 27 May 2009 04:03:06 -0700 (PDT) MIME-Version: 1.0 Received: by 10.210.91.7 with SMTP id o7mr1564846ebb.79.1243420309521; Wed, 27 May 2009 03:31:49 -0700 (PDT) In-Reply-To: References: Date: Wed, 27 May 2009 13:31:49 +0300 Message-ID: <5709ce310905270331t38952f66uf872a85b3e799596@mail.gmail.com> From: Alaksiej C To: freebsd-geom@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: GELI encryption - CPU requirements? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 11:03:08 -0000 Ivan Voras : > Except if you're really paranoid, you might want to relax your security > requirements and use aes-128 without essentially reducing your practical > security. It's true. Also, sector size option (-s) could help you. Larger its value - faster ciphering, for the price of less optimal disk space usage, of course. From owner-freebsd-geom@FreeBSD.ORG Wed May 27 11:45:49 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 90F05106566C for ; Wed, 27 May 2009 11:45:49 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.240]) by mx1.freebsd.org (Postfix) with ESMTP id 4E3F38FC1A for ; Wed, 27 May 2009 11:45:49 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: by an-out-0708.google.com with SMTP id c3so2455504ana.13 for ; Wed, 27 May 2009 04:45:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=oH2V8tgF+NG1hXs58GEsTILOAZH3bqjzDbfWWXrvr9s=; b=R+Ho32JSR16rsIes6ToOSyuXkFEME0vJBUcl7sE5aikZnfctDVC2OkHf6dCVTIwHqB Jv9s16/6TYm+FWcNlkHzl3FkxnodlEn7defUBuwSnGcTihurkPam8OmE0NEdcFPIPAid ZjNw/YMhwNabq9zbi+LIMtUL3fGikbwTZIDJ0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=rwPkd2uf5IO92sk7K1/hLWP1GbzZFXEPtmzB5w5H4EIqqHVvYhnMFrL4Sz3zIpzLW/ QDJsZFOZFfBRNtUUM8tfvxqE1y9Zd9769tm1qVIfm7/EjC5I+PsDruTA019rcuwG/i+j U04TOjn8tsWEHZ61YFmeT61mPXvsimM1czQYw= MIME-Version: 1.0 Received: by 10.100.92.2 with SMTP id p2mr17179002anb.7.1243424748437; Wed, 27 May 2009 04:45:48 -0700 (PDT) Date: Wed, 27 May 2009 14:45:48 +0300 Message-ID: From: Dan Naumov To: freebsd-geom@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Questions on GELI encryption X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 11:45:49 -0000 Hello (World) again :) Sorry for creating another discussion thread so fast, but I figured that since the new questions I have do not fall under the scope of "CPU horsepower requirements for GELI", I thought they deserved a new one: 1) I am reading the Handbook section on GELI ( http://www.freebsd.org/doc/en/books/handbook/disks-encrypting.html ) and I am a bit confused. The example a) creates a keyfile b) initializes a provider with the keyfile c) attaches the provider d) creates a new filesystem directly on the provider and e) mounts it Now, I am probably missing something very obvious, but are "slices" no longer a requirement for creating and using an UFS filesystem in FreeBSD? 2) The example in the Handbook encrypts the entire drive. If my system is going to use 1 big drive, I want /home and /data encrypted, while the rest of the system can stay non-encrypted, how should I go about doing this? Should I create a single big slice with 1 big root partition and 2 separated partitions for /home and /data and the initialise GELI on these specific partitions? Can basically anything be used a a "provider" for GELI? A disk drive, a slice, a partition inside a slice, a file? 3) The handbook states the following: "It is not mandatory that both a passphrase and a key file are used; either method of securing the Master Key can be used in isolation.". Now, how to use just the keyfile is pretty obvious, according to the geli manpage "geom init -P" will not use the passphrase as the key component. However, if I want to just protect my data using the passphrase and not use the keyfile(s), how do I do this? What are the implications of using only the passphrase instead of using both a passphrase and a keyfile? Thanks! Dan Naumov From owner-freebsd-geom@FreeBSD.ORG Wed May 27 11:50:11 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2647C1065672 for ; Wed, 27 May 2009 11:50:11 +0000 (UTC) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id CFC798FC17 for ; Wed, 27 May 2009 11:50:10 +0000 (UTC) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from root by ciao.gmane.org with local (Exim 4.43) id 1M9He4-0003ZY-1x for freebsd-geom@freebsd.org; Wed, 27 May 2009 11:50:08 +0000 Received: from lara.cc.fer.hr ([161.53.72.113]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 27 May 2009 11:50:08 +0000 Received: from ivoras by lara.cc.fer.hr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 27 May 2009 11:50:08 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-geom@freebsd.org From: Ivan Voras Date: Wed, 27 May 2009 13:49:22 +0200 Lines: 61 Message-ID: References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig90B7BBF4780F5155DBA77560" X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: lara.cc.fer.hr User-Agent: Thunderbird 2.0.0.21 (X11/20090409) In-Reply-To: X-Enigmail-Version: 0.95.7 Sender: news Subject: Re: Questions on GELI encryption X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 11:50:11 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig90B7BBF4780F5155DBA77560 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Dan Naumov wrote: > Hello (World) again :) >=20 > Sorry for creating another discussion thread so fast, but I figured > that since the new questions I have do not fall under the scope of > "CPU horsepower requirements for GELI", I thought they deserved a new > one: >=20 > 1) I am reading the Handbook section on GELI ( > http://www.freebsd.org/doc/en/books/handbook/disks-encrypting.html ) > and I am a bit confused. The example >=20 > a) creates a keyfile > b) initializes a provider with the keyfile > c) attaches the provider > d) creates a new filesystem directly on the provider and > e) mounts it >=20 > Now, I am probably missing something very obvious, but are "slices" no > longer a requirement for creating and using an UFS filesystem in > FreeBSD? No, and have not been since introduction of GEOM a long-ish time ago. > 2) The example in the Handbook encrypts the entire drive. If my system > is going to use 1 big drive, I want /home and /data encrypted, while > the rest of the system can stay non-encrypted, how should I go about > doing this? Should I create a single big slice with 1 big root > partition and 2 separated partitions for /home and /data and the > initialise GELI on these specific partitions? Yes. > Can basically anything > be used a a "provider" for GELI? A disk drive, a slice, a partition > inside a slice, a file? Yes, again because of GEOM, not specific to GELI. --------------enig90B7BBF4780F5155DBA77560 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkodKMIACgkQldnAQVacBchpewCglvxSSOdTCr8ScNJMviJ5+8o/ wfwAoIoxTlVBTUB75rnl3hEfFOy+zs4T =++Mb -----END PGP SIGNATURE----- --------------enig90B7BBF4780F5155DBA77560-- From owner-freebsd-geom@FreeBSD.ORG Wed May 27 12:01:29 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9BEAE10656F6 for ; Wed, 27 May 2009 12:01:29 +0000 (UTC) (envelope-from ac@belngo.info) Received: from mail-ew0-f164.google.com (mail-ew0-f164.google.com [209.85.219.164]) by mx1.freebsd.org (Postfix) with ESMTP id 312C88FC32 for ; Wed, 27 May 2009 12:01:28 +0000 (UTC) (envelope-from ac@belngo.info) Received: by ewy8 with SMTP id 8so988770ewy.43 for ; Wed, 27 May 2009 05:01:28 -0700 (PDT) MIME-Version: 1.0 Received: by 10.210.41.1 with SMTP id o1mr1682460ebo.30.1243425687941; Wed, 27 May 2009 05:01:27 -0700 (PDT) In-Reply-To: References: Date: Wed, 27 May 2009 15:01:27 +0300 Message-ID: <5709ce310905270501n2f1c3d21n846a7d2f37e528b7@mail.gmail.com> From: Alaksiej C To: freebsd-geom@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: Questions on GELI encryption X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 12:01:33 -0000 Just in case you will decide to encrypt a whole HDD: Keep in mind that some BIOSes in some situations searches for MBR, and if it's not present, the drive will be regarded as "empty". Therefore BIOS could set HPA and write its backup information to it. As control block of GELI resides at the end of underlying provider (HDD in our case), it will be destroyed. From owner-freebsd-geom@FreeBSD.ORG Wed May 27 12:27:17 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4A08E1065670 for ; Wed, 27 May 2009 12:27:17 +0000 (UTC) (envelope-from petefrench@ticketswitch.com) Received: from constantine.ticketswitch.com (constantine.ticketswitch.com [IPv6:2002:57e0:1d4e:1::3]) by mx1.freebsd.org (Postfix) with ESMTP id 0C00C8FC08 for ; Wed, 27 May 2009 12:27:17 +0000 (UTC) (envelope-from petefrench@ticketswitch.com) Received: from dilbert.rattatosk ([10.64.50.6] helo=dilbert.ticketswitch.com) by constantine.ticketswitch.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from ) id 1M9IDy-000PTL-VQ; Wed, 27 May 2009 13:27:14 +0100 Received: from petefrench by dilbert.ticketswitch.com with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1M9IDy-000B1z-U0; Wed, 27 May 2009 13:27:14 +0100 To: dan.naumov@gmail.com, freebsd-geom@freebsd.org In-Reply-To: Message-Id: From: Pete French Date: Wed, 27 May 2009 13:27:14 +0100 Cc: Subject: Re: Questions on GELI encryption X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 12:27:17 -0000 > 3) The handbook states the following: "It is not mandatory that both a > passphrase and a key file are used; either method of securing the > Master Key can be used in isolation.". Now, how to use just the > keyfile is pretty obvious, according to the geli manpage "geom init > -P" will not use the passphrase as the key component. However, if I > want to just protect my data using the passphrase and not use the > keyfile(s), how do I do this? What are the implications of using only > the passphrase instead of using both a passphrase and a keyfile? Just initialise is with only the passphrase, and it will ask for it on boot. One thing which always annoyed me was with multiple encrypted drives it would ask me for the opassword multiple times on boot (I have a zpool over the top of encrypted drives). I eventually solved this with a very small encrypted partition (a couple of K) which is then used as the keyfile for the other partitions. So it asks me once, decrypts the small passpharse partition (which is full of random data) and then uses that as the keyfile for the rest of the drives. Works quite nicely. -pete. From owner-freebsd-geom@FreeBSD.ORG Wed May 27 13:25:05 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 270631065676 for ; Wed, 27 May 2009 13:25:05 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.250]) by mx1.freebsd.org (Postfix) with ESMTP id D4E178FC14 for ; Wed, 27 May 2009 13:25:04 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: by an-out-0708.google.com with SMTP id c3so2481855ana.13 for ; Wed, 27 May 2009 06:25:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=uFOV3DLq6AiE/H/QhX9H7BWMEQM7RJTOE1uce7xEixY=; b=b1Ml6+J5+doX5+61iEKipvWpBTo9ZNC2wiZXG4J3f0nB3u4eobX9kaIkt8FR2cvMRl FG698IYci+cMqJs7cIbHTrhau0nNj24LwZrvLd0RF5vXXKa5CnXRS874VuqGQds8bdZH V7I6zDLOm5YvCe1JHEXp75MiTY+FEkauOrqR4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=d5GWovvUE+NR8BLYo+2fq22Izqa7DbTM20MUuFb1lREVCPmG/i5oP+hGGmw15BBmw2 cMw8iacEkhK/jbRDgEFxc3LpHhhbFaPOBkHSeqSAB80e6FM98NUj6rjCMZ7t3VdhpL++ PVaSBazdbqocDYMk0Hr7u/BjK1+Jxy7RJnLI8= MIME-Version: 1.0 Received: by 10.100.229.12 with SMTP id b12mr17352354anh.26.1243430703989; Wed, 27 May 2009 06:25:03 -0700 (PDT) In-Reply-To: References: Date: Wed, 27 May 2009 16:25:03 +0300 Message-ID: From: Dan Naumov To: freebsd-geom@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: Questions on GELI encryption X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 13:25:05 -0000 I decided to give geom / geli a bit of a disaster test (inside a VM) 1) I created a new disk "ad1" 2) Created a new slice on it "ad1s1" 3) Created 2 similarly sized (~20GB) partitions inside the silce: "ad1s1d" and "ad1s1e" ======================= geli init -s 4096 /dev/ad1s1d Enter new passphrase: geli attach /dev/ad1s1d Enter passphrase: newfs /dev/a1s1d.eli mount /dev/a1s1d.eli /mnt/geli1 ======================= Alright, now we have a passphrase-protected geli partition working and mounted at /mnt/geli1, now the stress test: cp -R /usr/ports /mnt/geli1 Now that we have rebooted the machine: ======================= geli attach /dev/ad1s1d Enter passphrase: GEOM_ELI: Device ad1s1d.eli created. GEOM_ELI: Encryption: AES-CBC 128 GEOM_ELI: Crypto: software GEOM_LABEL: Label for provider ad1s1d.eli is ufsid/4a1d391db28ff834. ======================= Looking good so far, right? ======================= mount /dev/ad1s1d.eli /mnt/geli1 mount: /dev/ad1s1d.eli : Operation not permitted fsck /dev/ad1s1d.eli fsck: Could not determine filesystem type ======================= Oops :( - Dan Naumov From owner-freebsd-geom@FreeBSD.ORG Wed May 27 13:56:37 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 51A5A1065690 for ; Wed, 27 May 2009 13:56:37 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.28]) by mx1.freebsd.org (Postfix) with ESMTP id 0B1DE8FC1D for ; Wed, 27 May 2009 13:56:36 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: by yx-out-2324.google.com with SMTP id 8so2535105yxb.13 for ; Wed, 27 May 2009 06:56:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=Skdv8OHEEbETq0qkmOMJEdrYwI71nmhLFGK+02VvoVY=; b=Q7f9WwRd4zVGOOLqHyTddhM3S7ThImtziAYqttcX6/cHH6DGuQcaAtQbJqbzDQY/OA QY9iz/yOAIDTFZeECGqMZURj9a2o1q5chpi47jlCUxnFIZ5J4VZzTJ7TCqVbZ4SiZ3oa lx3bb6BHnubsKpNQCMqg0fti0BWETIr1dpRfU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=kexGkLLLLnE/0kbw+AjNmdKlW/Jk+3PuBYQxPvuoBdoNaX0aj62H61u7KkLfpcP63a LJWUfWMJ31zje9BenWj4uBCfJ9eOxQIbROZ3F9kLA7MdZzzzXxINO2hcJCzsYnQ4AG4L oPQYLVRayOX4Lj0pYtknjx85StcvJgzjAXi4o= MIME-Version: 1.0 Received: by 10.100.242.11 with SMTP id p11mr13017418anh.113.1243432596344; Wed, 27 May 2009 06:56:36 -0700 (PDT) In-Reply-To: References: Date: Wed, 27 May 2009 16:56:36 +0300 Message-ID: From: Dan Naumov To: freebsd-geom@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: Questions on GELI encryption X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 13:56:37 -0000 Thanks, that worked like a charm. Is there a way to have background fsck autolaunch itself when an attempt is made to mount an unclean ufs filesystem on a geli provider? - Dan Naumov On Wed, May 27, 2009 at 4:48 PM, Michael Jung wrote: > I ran into this also, try: > > fsck -y -t ufs /dev/ad1s1d.eli > > as fsck can not determine the file system type. > > --mikej > > Looking good so far, right? > > > ======================= > mount /dev/ad1s1d.eli /mnt/geli1 > mount: /dev/ad1s1d.eli : Operation not permitted > > fsck /dev/ad1s1d.eli > fsck: Could not determine filesystem type > ======================= > > Oops :( From owner-freebsd-geom@FreeBSD.ORG Wed May 27 14:52:21 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1A1A31065755 for ; Wed, 27 May 2009 14:52:21 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: from mail-qy0-f105.google.com (mail-qy0-f105.google.com [209.85.221.105]) by mx1.freebsd.org (Postfix) with ESMTP id C48888FC19 for ; Wed, 27 May 2009 14:52:18 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: by qyk3 with SMTP id 3so6627180qyk.3 for ; Wed, 27 May 2009 07:52:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=hmLkyDls09Soj9GDw3A2QIRLLaXfBcNKHawXHL1ewms=; b=rxZVYRgW3po8v7Zcoq3HlCOueL1j8LTBa85uHz5KC571NvmJySwo9j8/Y56hyyxImi 0PayVPumvdh7zEvxST4X9PsXeqDsoZPj6pzBJL2/uWFPtRqfyAo9g0d4YQXkHVrjgS0q XxhUas8hGCt6HoueAf/XDxaDKckmMam2LFk38= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=rho6LZm13jWXjz0WoqopFj6hvvDky/I/u7AIzkZfOkMMrjA0zc7rbzWLetdqdjLnjI G79CtXYX+dJ9zGDhHDM1ZjgnwAA2aFdU82009wuQ/5RadF+Ed5Bz8p0IgQkyCNe19dV2 kWn1SeGN4I783ISNae6RqvX4VBKjN20MxoVho= MIME-Version: 1.0 Received: by 10.224.32.152 with SMTP id c24mr110831qad.112.1243435938256; Wed, 27 May 2009 07:52:18 -0700 (PDT) In-Reply-To: <5709ce310905270331t38952f66uf872a85b3e799596@mail.gmail.com> References: <5709ce310905270331t38952f66uf872a85b3e799596@mail.gmail.com> Date: Wed, 27 May 2009 17:52:18 +0300 Message-ID: From: Dan Naumov To: freebsd-geom@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: GELI encryption - CPU requirements? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 14:52:22 -0000 It seems that GELI already defaults to AES-128. What documentation should I be looking into to see how different sector size options affect effective available disk space and performance? - Dan Naumov On Wed, May 27, 2009 at 1:31 PM, Alaksiej C wrote: > Ivan Voras : >> Except if you're really paranoid, you might want to relax your security >> requirements and use aes-128 without essentially reducing your practical >> security. > > > It's true. > > Also, sector size option (-s) could help you. Larger its value - > faster ciphering, for the price of less optimal disk space usage, of > course. > _______________________________________________ > freebsd-geom@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-geom > To unsubscribe, send any mail to "freebsd-geom-unsubscribe@freebsd.org" > From owner-freebsd-geom@FreeBSD.ORG Wed May 27 15:57:13 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7807A10657E3 for ; Wed, 27 May 2009 15:57:13 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.24]) by mx1.freebsd.org (Postfix) with ESMTP id 2D6008FC2D for ; Wed, 27 May 2009 15:57:12 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: by qw-out-2122.google.com with SMTP id 3so2479668qwe.7 for ; Wed, 27 May 2009 08:57:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=+lcBZ/TvjhcJFxywMIpZokR0bRk41huSo+MO5aQbd40=; b=B3eGrJIk1Hf/C0XTUSvzfQolvHZw8/MsLAHCaEN3f8WGawPXNiIwwd//9KNlarboiA uV3f6WuBgp12TnjDXHSSnFuSgqkMYCB2KQbhIGLJ4haFd/bFkD/AeMmriVKO0//IBCxD ue0CwO9s7rtQJSu/+QronUm8+8j/7KWeY+4E8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=B2E7w8NwdKryY03Mhlah678/k0t69T7l1obgCSWIc6I/hj72WRHjtMiGbc2lXuJFNx P7tfIgdMoY9lhxMODPnFzUYvoM9Nd4jInte+sdaMOt5AQChu24jKxqh7/nR+mSzBmGUQ qeg4moFpPTpOTZWFBHZIJNpHxytpGZJPQ7ADU= MIME-Version: 1.0 Received: by 10.224.67.132 with SMTP id r4mr163359qai.286.1243439831730; Wed, 27 May 2009 08:57:11 -0700 (PDT) In-Reply-To: References: Date: Wed, 27 May 2009 18:57:11 +0300 Message-ID: From: Dan Naumov To: freebsd-geom@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: Questions on GELI encryption X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 15:57:14 -0000 And some further questions: 1) Is there any basis for the claims that in the event of a failure (power outage, slowly dying drive, etc) that one is much more likely to lose ALL his data when using encryption vs not using any encryption? The argument is that when you have a non-encrypted drive or partition that is damaged, you have a lot of tools at your disposal to attempt to recover your data, but if your data is encrypted, even relatively low amount of damage in the "wrong" place on the drive/partition can cause it to become undecipherable and cause complete loss of data. 2) Thanks to the help I have received so far, I now know how to use "passkey + keyfile", "keyfile" and "passkey" init and authentication methods for a encrypted GELI provider. The question I have is whether it is possible to have a "passkey OR keyfile" authentication method when using GELI. The idea is to normally use a strong passkey for attaching and using the providers, while keeping a keyfile stored "elsewhere" in a safe location out of premises. In the event of forgetting the passkey, the keyfile would be retrieved and used to access the data and change the forgotten passkey. Thanks again for your insight. - Dan Naumov On Wed, May 27, 2009 at 4:56 PM, Dan Naumov wrote: > Thanks, that worked like a charm. Is there a way to have background > fsck autolaunch itself when an attempt is made to mount an unclean ufs > filesystem on a geli provider? > > - Dan Naumov From owner-freebsd-geom@FreeBSD.ORG Wed May 27 16:56:25 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BAE751065672 for ; Wed, 27 May 2009 16:56:25 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-bw0-f213.google.com (mail-bw0-f213.google.com [209.85.218.213]) by mx1.freebsd.org (Postfix) with ESMTP id 38B608FC0C for ; Wed, 27 May 2009 16:56:24 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: by bwz9 with SMTP id 9so4886471bwz.43 for ; Wed, 27 May 2009 09:56:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:x-mailer:mime-version :content-type:content-transfer-encoding; bh=cMMY1N0wOcEKhLYnCWZtk20EQZeALJ85fzYqCslHRbc=; b=SxIpfjXsvnj22FCqmPPrDoFqRskVn7DkDT0JHw6FJVkEncF+gL2d2L/Pe9RmrryeXS 2OjB1scdB2vfR8FBkiBokJbqx3cncbmn8Ypqdj2IBMWsPN0wa8fvmz0g29I1w+fou4Ce ZO7VIJAwd7RvVAv1uN0xvSoFZ7T948ygYRnOk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; b=Hemzvf1zQrnliAqdCH9P9F91yV7ApcxtCtaqJWyc6IMnsgu+D4Qc0jGBwbKtTal6Hn YruUOYX7LKOVzMHygIeA+KjB0Y6zUfPd6UDDFxy6me7e3FfExJ9GqbtYC260YImP2Ks7 RV2tEStVCoTtsv0DXgVJiJOywj0WL13HOEyxQ= Received: by 10.204.113.198 with SMTP id b6mr164683bkq.115.1243443383849; Wed, 27 May 2009 09:56:23 -0700 (PDT) Received: from gumby.homeunix.com (bb-87-81-140-128.ukonline.co.uk [87.81.140.128]) by mx.google.com with ESMTPS id z15sm4337793fkz.4.2009.05.27.09.56.20 (version=SSLv3 cipher=RC4-MD5); Wed, 27 May 2009 09:56:23 -0700 (PDT) Date: Wed, 27 May 2009 17:56:13 +0100 From: RW To: freebsd-geom@freebsd.org Message-ID: <20090527175613.1b92c217@gumby.homeunix.com> In-Reply-To: References: X-Mailer: Claws Mail 3.7.1 (GTK+ 2.16.1; i386-portbld-freebsd7.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: Questions on GELI encryption X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 16:56:26 -0000 On Wed, 27 May 2009 18:57:11 +0300 Dan Naumov wrote: > And some further questions: > > 1) Is there any basis for the claims that in the event of a failure > (power outage, slowly dying drive, etc) that one is much more likely > to lose ALL his data when using encryption vs not using any > encryption? The argument is that when you have a non-encrypted drive > or partition that is damaged, you have a lot of tools at your disposal > to attempt to recover your data, but if your data is encrypted, even > relatively low amount of damage in the "wrong" place on the > drive/partition can cause it to become undecipherable and cause > complete loss of data. You can backup the metadata to a file, if you lock yourself out you can use the install disk as a "live-cd" > > 2) Thanks to the help I have received so far, I now know how to use > "passkey + keyfile", "keyfile" and "passkey" init and authentication > methods for a encrypted GELI provider. The question I have is whether > it is possible to have a "passkey OR keyfile" authentication method > when using GELI. The idea is to normally use a strong passkey for > attaching and using the providers, while keeping a keyfile stored > "elsewhere" in a safe location out of premises. In the event of > forgetting the passkey, the keyfile would be retrieved and used to > access the data and change the forgotten passkey. > I've not used it myself, but take a look at the setkey option. You could have key 0 as a passphrase and key 1 as a file. OTOH I don't see the advantage of keeping the file in a safe place over keeping the passphrase in a safe place. From owner-freebsd-geom@FreeBSD.ORG Wed May 27 20:32:16 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 87CD910657F6; Wed, 27 May 2009 20:32:16 +0000 (UTC) (envelope-from volker@vwsoft.com) Received: from frontmail.ipactive.de (frontmail.maindns.de [85.214.95.103]) by mx1.freebsd.org (Postfix) with ESMTP id 13F0A8FC23; Wed, 27 May 2009 20:32:14 +0000 (UTC) (envelope-from volker@vwsoft.com) Received: from mail.vtec.ipme.de (Q7cdf.q.ppp-pool.de [89.53.124.223]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by frontmail.ipactive.de (Postfix) with ESMTP id CC39512884A; Wed, 27 May 2009 22:13:06 +0200 (CEST) Received: from [192.168.16.4] (dardanos.sz.vwsoft.com [192.168.16.4]) by mail.vtec.ipme.de (Postfix) with ESMTP id A16AD33F8F; Wed, 27 May 2009 22:12:50 +0200 (CEST) Message-ID: <4A1D9EC5.3020006@vwsoft.com> Date: Wed, 27 May 2009 22:12:53 +0200 From: Volker User-Agent: Thunderbird 2.0.0.21 (X11/20090417) MIME-Version: 1.0 To: Ivan Voras References: In-Reply-To: X-Enigmail-Version: 0.95.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-MailScanner-ID: A16AD33F8F.B925F X-VWSoft-MailScanner: Found to be clean X-MailScanner-From: volker@vwsoft.com MailScanner-NULL-Check: 1244059980.3773@+bcp1xBSP8DOeoUVq1kUFg X-ipactive-MailScanner-Information: Please contact the ISP for more information X-ipactive-MailScanner: Found to be clean X-ipactive-MailScanner-From: volker@vwsoft.com Cc: RW , freebsd-geom@freebsd.org Subject: Re: Re: GELI encryption - CPU requirements? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 20:32:17 -0000 On 12/23/-58 20:59, Ivan Voras wrote: > Dan Naumov wrote: >> Hello (World). >> >> I am in the process of building a new system for a home NAS/webserver >> use and the hardware is basically this: >> >> Intel Atom 330 (1,6 Ghz, dualcore), a motherboard based on Intel >> D945GCLF2, 2 GB RAM. >> Silicon Image SIL3124 4xSATA RAID card (intended to be used in JBOD mode) >> 1 x 1.5 TB Western Digital Caviar Green (will get more as the need arises) >> >> A pic of the system, for the curious: >> http://tranquilpc.files.wordpress.com/2009/03/bbs2-pure-and-simple-storage.jpg?w=500&h=360 >> >> I have been looking into encrypting most of the system with GELI using >> the default 256bit AES, how big of a performance hit should I expect >> on this CPU? > > If you have an Atom machine you can simply check - issue an "openssl > speed aes" command and check the results. For comparison, Xeon 5405 (2 > GHz) gives: > > type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 > bytes > aes-128 cbc 89558.04k 101934.80k 104123.42k 102857.83k > 103801.84k > aes-192 cbc 84368.49k 89821.97k 91069.49k 90385.70k > 91112.45k > aes-256 cbc 75515.15k 80486.21k 81367.19k 80650.02k > 81554.34k > > I.e. with AES-256 and blocks of data of 1024 bytes, I get 80 MB/s. > > Except if you're really paranoid, you might want to relax your security > requirements and use aes-128 without essentially reducing your practical > security. > For reference, here're the values taken on a dual core Atom: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 17947.16k 18502.91k 18703.91k 18271.91k 18955.39k aes-192 cbc 16404.93k 15966.46k 16615.41k 16115.26k 16466.56k aes-256 cbc 13711.70k 14016.79k 14342.35k 14109.98k 14738.16k FreeBSD dardanos 7.2-STABLE FreeBSD 7.2-STABLE #10 r192673: Sun May 24 10:22:05 CEST 2009 CPU: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (1618.44-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x106c2 Stepping = 2 Features=0xbfe9fbff Features2=0x40e31d> AMD Features=0x20100000 AMD Features2=0x1 Cores per package: 2 Logical CPUs per core: 2 real memory = 2137391104 (2038 MB) avail memory = 2077528064 (1981 MB) ACPI APIC Table: FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP/HT): APIC ID: 1 cpu2 (AP): APIC ID: 2 cpu3 (AP/HT): APIC ID: 3 ioapic0: Changing APIC ID to 2 ioapic0 irqs 0-23 on motherboard kbd1 at kbdmux0 cryptosoft0: on motherboard I would not expect a fast workhorse but these machines are making a nice desktop system. Enjoy! Volker From owner-freebsd-geom@FreeBSD.ORG Wed May 27 20:41:15 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3EF3C10656CC for ; Wed, 27 May 2009 20:41:15 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.246]) by mx1.freebsd.org (Postfix) with ESMTP id EB3FC8FC14 for ; Wed, 27 May 2009 20:41:14 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: by an-out-0708.google.com with SMTP id c3so2621940ana.13 for ; Wed, 27 May 2009 13:41:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=FAEqD8OBM9nJcafmvheDYYVSAEhEDbwlco/5F0lQIkg=; b=s1hPW/PRRhqCxA+bxbBB/lTg8M7vInUUJfvhsMN41K0OKZqvOdlqWeCGBRkNNVEuO1 9z6ZbvSXl3qSp1D9a+l/J4OLvaxE3p5Ci41EeeYq3JK1+TJk5el/9uIVYhjsEesnxmz4 IAM6CzNm3aI6z+pnHp/Isy8PgobrFEAgpsppw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=AIb8l9xPp5QmlruZr7MQaGMwpeYLQmaN7rlWhwjSn8EQAt4/lBY4sYkHpIM/J/sWEL iNQnZJ17SP04lunaaXt69rD4crCM0SSZLkDF0tApinL6aUix2PFE9WS9gGfeCQPWl4/o dnUKhRLIBKmPylEH45oiimNUApNwx6eCvIahE= MIME-Version: 1.0 Received: by 10.100.126.19 with SMTP id y19mr804657anc.46.1243456874248; Wed, 27 May 2009 13:41:14 -0700 (PDT) In-Reply-To: <4A1D9EC5.3020006@vwsoft.com> References: <4A1D9EC5.3020006@vwsoft.com> Date: Wed, 27 May 2009 23:41:14 +0300 Message-ID: From: Dan Naumov To: freebsd-geom@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: Re: GELI encryption - CPU requirements? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 20:41:16 -0000 Wow, so on a dual core Atom, I would essentially be bottlenecked by my CPU at 18 MB/s throughput? I guess that puts GELI encryption completely out of the question and I need to look into some other solution :( - Dan Naumov > For reference, here're the values taken on a dual core Atom: > > type =A0 =A0 =A0 =A0 =A0 =A0 16 bytes =A0 =A0 64 bytes =A0 =A0256 bytes = =A0 1024 bytes =A0 8192 > bytes > aes-128 cbc =A0 =A0 =A017947.16k =A0 =A018502.91k =A0 =A018703.91k =A0 = =A018271.91k > 18955.39k > > aes-192 cbc =A0 =A0 =A016404.93k =A0 =A015966.46k =A0 =A016615.41k =A0 = =A016115.26k > 16466.56k > > aes-256 cbc =A0 =A0 =A013711.70k =A0 =A014016.79k =A0 =A014342.35k =A0 = =A014109.98k > 14738.16k > > > FreeBSD dardanos 7.2-STABLE FreeBSD 7.2-STABLE #10 r192673: Sun May 24 > 10:22:05 CEST 2009 > > CPU: Intel(R) Atom(TM) CPU =A0330 =A0 @ 1.60GHz (1618.44-MHz 686-class CP= U) > =A0Origin =3D "GenuineIntel" =A0Id =3D 0x106c2 =A0Stepping =3D 2 > > Features=3D0xbfe9fbff > =A0Features2=3D0x40e31d> > =A0AMD Features=3D0x20100000 > =A0AMD Features2=3D0x1 > =A0Cores per package: 2 > =A0Logical CPUs per core: 2 > real memory =A0=3D 2137391104 (2038 MB) > avail memory =3D 2077528064 (1981 MB) > ACPI APIC Table: > FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs > =A0cpu0 (BSP): APIC ID: =A00 > =A0cpu1 (AP/HT): APIC ID: =A01 > =A0cpu2 (AP): APIC ID: =A02 > =A0cpu3 (AP/HT): APIC ID: =A03 > ioapic0: Changing APIC ID to 2 > ioapic0 irqs 0-23 on motherboard > kbd1 at kbdmux0 > cryptosoft0: on motherboard From owner-freebsd-geom@FreeBSD.ORG Wed May 27 20:58:57 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C1093106570C; Wed, 27 May 2009 20:58:57 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.244]) by mx1.freebsd.org (Postfix) with ESMTP id 652458FC21; Wed, 27 May 2009 20:58:56 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: by an-out-0708.google.com with SMTP id c3so2627504ana.13 for ; Wed, 27 May 2009 13:58:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=Jkh7VzMPQfuosNvvpwHRYV4M/Bd9QziE9oVP6BOLny4=; b=KXFyUAqqQqTHr1BXNiqYU4jAP82G8+iOuXaJ294XtkQ0PPy8rTvO81H77eh3oj2Tre Xz05jiKKwUsvoS7gNUDcr9aPZSGXHmI3FK8BrC6KF5i0d4/t7YUpgpn8QKLaWop+XAQI ZkwkDa9nIEZl4tC4b1LmQCTpONaWTfhih/CHY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=naD4V50EDhln5OAIHHAFUbuaTat3rhIYn3JjqxpAFOukFAUNEiHuG3zPiSl1wWlI93 +yCVRlrDzxBSSBUfHIAyARzOqlsZ1Ef5Eq937tpwoF8GlOrhnYIVC9Y89r6eCR7kKdb2 QuIWtOCrwKIUaEAAW+LGz3i7v1kf17qjoDqfA= MIME-Version: 1.0 Received: by 10.100.105.4 with SMTP id d4mr827687anc.39.1243457936487; Wed, 27 May 2009 13:58:56 -0700 (PDT) In-Reply-To: <4A1D9EC5.3020006@vwsoft.com> References: <4A1D9EC5.3020006@vwsoft.com> Date: Wed, 27 May 2009 23:58:56 +0300 Message-ID: From: Dan Naumov To: Volker Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: RW , Ivan Voras , freebsd-geom@freebsd.org Subject: Re: Re: GELI encryption - CPU requirements? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 20:58:58 -0000 Could you also run the test for: Camellia and Blowfish please? Thanks, - Dan Naumov > For reference, here're the values taken on a dual core Atom: > > type =A0 =A0 =A0 =A0 =A0 =A0 16 bytes =A0 =A0 64 bytes =A0 =A0256 bytes = =A0 1024 bytes =A0 8192 > bytes > aes-128 cbc =A0 =A0 =A017947.16k =A0 =A018502.91k =A0 =A018703.91k =A0 = =A018271.91k > 18955.39k > > aes-192 cbc =A0 =A0 =A016404.93k =A0 =A015966.46k =A0 =A016615.41k =A0 = =A016115.26k > 16466.56k > > aes-256 cbc =A0 =A0 =A013711.70k =A0 =A014016.79k =A0 =A014342.35k =A0 = =A014109.98k > 14738.16k > > > FreeBSD dardanos 7.2-STABLE FreeBSD 7.2-STABLE #10 r192673: Sun May 24 > 10:22:05 CEST 2009 > > CPU: Intel(R) Atom(TM) CPU =A0330 =A0 @ 1.60GHz (1618.44-MHz 686-class CP= U) > =A0Origin =3D "GenuineIntel" =A0Id =3D 0x106c2 =A0Stepping =3D 2 > > Features=3D0xbfe9fbff > =A0Features2=3D0x40e31d> > =A0AMD Features=3D0x20100000 > =A0AMD Features2=3D0x1 > =A0Cores per package: 2 > =A0Logical CPUs per core: 2 > real memory =A0=3D 2137391104 (2038 MB) > avail memory =3D 2077528064 (1981 MB) > ACPI APIC Table: > FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs > =A0cpu0 (BSP): APIC ID: =A00 > =A0cpu1 (AP/HT): APIC ID: =A01 > =A0cpu2 (AP): APIC ID: =A02 > =A0cpu3 (AP/HT): APIC ID: =A03 > ioapic0: Changing APIC ID to 2 > ioapic0 irqs 0-23 on motherboard > kbd1 at kbdmux0 > cryptosoft0: on motherboard > > > I would not expect a fast workhorse but these machines are making a nice > desktop system. > > Enjoy! > > Volker > _______________________________________________ > freebsd-geom@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-geom > To unsubscribe, send any mail to "freebsd-geom-unsubscribe@freebsd.org" > From owner-freebsd-geom@FreeBSD.ORG Wed May 27 21:23:17 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9E7B810656F6; Wed, 27 May 2009 21:23:17 +0000 (UTC) (envelope-from volker@vwsoft.com) Received: from frontmail.ipactive.de (frontmail.maindns.de [85.214.95.103]) by mx1.freebsd.org (Postfix) with ESMTP id BD13B8FC2F; Wed, 27 May 2009 21:23:16 +0000 (UTC) (envelope-from volker@vwsoft.com) Received: from mail.vtec.ipme.de (Q7cdf.q.ppp-pool.de [89.53.124.223]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by frontmail.ipactive.de (Postfix) with ESMTP id 1F78512884A; Wed, 27 May 2009 23:23:06 +0200 (CEST) Received: from [192.168.16.4] (dardanos.sz.vwsoft.com [192.168.16.4]) by mail.vtec.ipme.de (Postfix) with ESMTP id 5B57E33F8F; Wed, 27 May 2009 23:22:50 +0200 (CEST) Message-ID: <4A1DAF2D.1040604@vwsoft.com> Date: Wed, 27 May 2009 23:22:53 +0200 From: Volker User-Agent: Thunderbird 2.0.0.21 (X11/20090417) MIME-Version: 1.0 To: Dan Naumov References: <4A1D9EC5.3020006@vwsoft.com> In-Reply-To: X-Enigmail-Version: 0.95.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-MailScanner-ID: 5B57E33F8F.7D974 X-VWSoft-MailScanner: Found to be clean X-MailScanner-From: volker@vwsoft.com MailScanner-NULL-Check: 1244064179.79015@zxTi4OHFC3mLOVB+kY979w X-ipactive-MailScanner-Information: Please contact the ISP for more information X-ipactive-MailScanner: Found to be clean X-ipactive-MailScanner-From: volker@vwsoft.com Cc: RW , Ivan Voras , freebsd-geom@freebsd.org Subject: Re: Re: GELI encryption - CPU requirements? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 21:23:18 -0000 On 05/27/09 22:58, Dan Naumov wrote: > Could you also run the test for: Camellia and Blowfish please? Sure but do not count on the absolute values as the system wasn't idling 100% (~88-96%): type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes camellia-128 cbc 20121.31k 21752.35k 21556.40k 21838.64k 22375.53k camellia-192 cbc 16804.24k 17087.62k 17283.35k 17494.13k 16584.06k camellia-256 cbc 15925.81k 17256.89k 17425.49k 17605.67k 17092.26k type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes blowfish cbc 49186.75k 51979.89k 53195.92k 53742.92k 52371.59k Also I found the sha values of interest: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 3303.61k 8459.49k 19921.03k 33585.85k 47594.24k sha256 3408.83k 8519.20k 15886.04k 20473.32k 21481.23k sha512 1065.92k 4681.24k 7383.90k 10189.10k 11597.66k > >> For reference, here're the values taken on a dual core Atom: >> >> type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 >> bytes >> aes-128 cbc 17947.16k 18502.91k 18703.91k 18271.91k >> 18955.39k >> >> aes-192 cbc 16404.93k 15966.46k 16615.41k 16115.26k >> 16466.56k >> >> aes-256 cbc 13711.70k 14016.79k 14342.35k 14109.98k >> 14738.16k >> >> >> FreeBSD dardanos 7.2-STABLE FreeBSD 7.2-STABLE #10 r192673: Sun May 24 >> 10:22:05 CEST 2009 >> >> CPU: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (1618.44-MHz 686-class CPU) >> Origin = "GenuineIntel" Id = 0x106c2 Stepping = 2 >> >> Features=0xbfe9fbff >> Features2=0x40e31d> >> AMD Features=0x20100000 >> AMD Features2=0x1 >> Cores per package: 2 >> Logical CPUs per core: 2 >> real memory = 2137391104 (2038 MB) >> avail memory = 2077528064 (1981 MB) >> ACPI APIC Table: >> FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs >> cpu0 (BSP): APIC ID: 0 >> cpu1 (AP/HT): APIC ID: 1 >> cpu2 (AP): APIC ID: 2 >> cpu3 (AP/HT): APIC ID: 3 >> ioapic0: Changing APIC ID to 2 >> ioapic0 irqs 0-23 on motherboard >> kbd1 at kbdmux0 >> cryptosoft0: on motherboard From owner-freebsd-geom@FreeBSD.ORG Wed May 27 21:36:52 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BFA271065672; Wed, 27 May 2009 21:36:51 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.250]) by mx1.freebsd.org (Postfix) with ESMTP id 3C4BC8FC0A; Wed, 27 May 2009 21:36:50 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: by an-out-0708.google.com with SMTP id c3so2638884ana.13 for ; Wed, 27 May 2009 14:36:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=TA5C20uiv2flQVT8hl3WRG39cZbIUwBrU6M6JQaXk2g=; b=USvXdA8bCA3QWavprdzi28A44oXDHoSTvccNZRUMp0VOLOdKf+jnswbhFsm043x+QQ wI9TA+o4QG7crLtpLmbNfoHeVQDlmS1d8d2fTok6zEycih5HN+csNYfSjPZUyr8mY++y +6qJcGq6zGkNtb02fniIkd4ISLbKytTn8eP8M= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=nX9ffwpdi/g6gcbP+FOvaH2C3rzi8I/8+eu43aWjrn2b1xuP0B6x6kXoutzPUKI+0T xMXN6HwC6cpQLQkbBbgxB6KnaYCCwowTkMz2ZMGHE9nCm/s50CsZNJZsS9MEqK1OGQf2 Oz/qEeguPmnD8RcvWklMV5JGh5jKuUeI7HkoM= MIME-Version: 1.0 Received: by 10.100.205.15 with SMTP id c15mr950824ang.5.1243460210448; Wed, 27 May 2009 14:36:50 -0700 (PDT) In-Reply-To: <4A1DAF2D.1040604@vwsoft.com> References: <4A1D9EC5.3020006@vwsoft.com> <4A1DAF2D.1040604@vwsoft.com> Date: Thu, 28 May 2009 00:36:50 +0300 Message-ID: From: Dan Naumov To: Volker Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: RW , Ivan Voras , freebsd-geom@freebsd.org Subject: Re: Re: GELI encryption - CPU requirements? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 21:36:53 -0000 This is great, thanks a lot! Just as I got depressed that if I would be stuck with 18MB/s throughput if I went with my planned route, you provide more results that show that Blowfish would be a great choice for what I want to do, 50 MB/s is going to be plenty for my needs. Your results also seem to be backed by these benchmark results I found (Also ran on an Atom): http://www.mail-archive.com/support@pfsense.com/msg15423.html Thanks a lot again! - Dan Naumov On Thu, May 28, 2009 at 12:22 AM, Volker wrote: > > On 05/27/09 22:58, Dan Naumov wrote: >> Could you also run the test for: Camellia and Blowfish please? > > Sure but do not count on the absolute values as the system wasn't idling > 100% (~88-96%): > > type =A0 =A0 =A0 =A0 =A0 =A0 16 bytes =A0 =A0 64 bytes =A0 =A0256 bytes = =A0 1024 bytes =A0 8192 > bytes > camellia-128 cbc =A0 =A020121.31k =A0 =A021752.35k =A0 =A021556.40k =A0 = =A021838.64k > 22375.53k > camellia-192 cbc =A0 =A016804.24k =A0 =A017087.62k =A0 =A017283.35k =A0 = =A017494.13k > 16584.06k > camellia-256 cbc =A0 =A015925.81k =A0 =A017256.89k =A0 =A017425.49k =A0 = =A017605.67k > 17092.26k > > type =A0 =A0 =A0 =A0 =A0 =A0 16 bytes =A0 =A0 64 bytes =A0 =A0256 bytes = =A0 1024 bytes =A0 8192 > bytes > blowfish cbc =A0 =A0 49186.75k =A0 =A051979.89k =A0 =A053195.92k =A0 =A05= 3742.92k > 52371.59k > > Also I found the sha values of interest: > > type =A0 =A0 =A0 =A0 =A0 =A0 16 bytes =A0 =A0 64 bytes =A0 =A0256 bytes = =A0 1024 bytes =A0 8192 > bytes > sha1 =A0 =A0 =A0 =A0 =A0 =A0 =A03303.61k =A0 =A0 8459.49k =A0 =A019921.03= k =A0 =A033585.85k > 47594.24k > sha256 =A0 =A0 =A0 =A0 =A0 =A03408.83k =A0 =A0 8519.20k =A0 =A015886.04k = =A0 =A020473.32k > 21481.23k > sha512 =A0 =A0 =A0 =A0 =A0 =A01065.92k =A0 =A0 4681.24k =A0 =A0 7383.90k = =A0 =A010189.10k > 11597.66k > > >> >>> For reference, here're the values taken on a dual core Atom: >>> >>> type =A0 =A0 =A0 =A0 =A0 =A0 16 bytes =A0 =A0 64 bytes =A0 =A0256 bytes= =A0 1024 bytes =A0 8192 >>> bytes >>> aes-128 cbc =A0 =A0 =A017947.16k =A0 =A018502.91k =A0 =A018703.91k =A0 = =A018271.91k >>> 18955.39k >>> >>> aes-192 cbc =A0 =A0 =A016404.93k =A0 =A015966.46k =A0 =A016615.41k =A0 = =A016115.26k >>> 16466.56k >>> >>> aes-256 cbc =A0 =A0 =A013711.70k =A0 =A014016.79k =A0 =A014342.35k =A0 = =A014109.98k >>> 14738.16k >>> >>> >>> FreeBSD dardanos 7.2-STABLE FreeBSD 7.2-STABLE #10 r192673: Sun May 24 >>> 10:22:05 CEST 2009 >>> >>> CPU: Intel(R) Atom(TM) CPU =A0330 =A0 @ 1.60GHz (1618.44-MHz 686-class = CPU) >>> =A0Origin =3D "GenuineIntel" =A0Id =3D 0x106c2 =A0Stepping =3D 2 >>> >>> Features=3D0xbfe9fbff >>> =A0Features2=3D0x40e31d> >>> =A0AMD Features=3D0x20100000 >>> =A0AMD Features2=3D0x1 >>> =A0Cores per package: 2 >>> =A0Logical CPUs per core: 2 >>> real memory =A0=3D 2137391104 (2038 MB) >>> avail memory =3D 2077528064 (1981 MB) >>> ACPI APIC Table: >>> FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs >>> =A0cpu0 (BSP): APIC ID: =A00 >>> =A0cpu1 (AP/HT): APIC ID: =A01 >>> =A0cpu2 (AP): APIC ID: =A02 >>> =A0cpu3 (AP/HT): APIC ID: =A03 >>> ioapic0: Changing APIC ID to 2 >>> ioapic0 irqs 0-23 on motherboard >>> kbd1 at kbdmux0 >>> cryptosoft0: on motherboard > > From owner-freebsd-geom@FreeBSD.ORG Wed May 27 22:04:05 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 27E06106566C for ; Wed, 27 May 2009 22:04:05 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.28]) by mx1.freebsd.org (Postfix) with ESMTP id D31728FC1D for ; Wed, 27 May 2009 22:04:04 +0000 (UTC) (envelope-from dan.naumov@gmail.com) Received: by yx-out-2324.google.com with SMTP id 8so2690646yxb.13 for ; Wed, 27 May 2009 15:04:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=D6EfIFKTyK7ose8Pvc90bjEwgCuuzetca6l1ngHPaL8=; b=MxZ8y7Xqq16qDBiLtV6r1erCD+9FxKoJlhqxkIHGErC4WBZseqBbnslPwHbbjMY2wN gksum0gn6CFwW5x+nidaBnyyOojiUCEc4TVrt5QlghMhG0ODn3LzPtybY0/Ibnub7Rmd 3cOuI9ocexkmZfu4Ln2+bKjJmIv9nkSnq3kmk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=XXzzKakHW9GIXDuu69LfbrzV4x62X2OXcCXi6Y/R5ET6K6QZcMY3gnOVCWV5LW2tlL G1ajSHr3qKrpr5brkSuxZSd7q6dxyUSItPPa0Ht69A0N/pc/Xpiel2a9lO++Pb1Pje0K zlMXt+CVOrTSPizScn/YFDWbtV+aiQOrpj6SI= MIME-Version: 1.0 Received: by 10.100.110.9 with SMTP id i9mr845295anc.130.1243461843758; Wed, 27 May 2009 15:04:03 -0700 (PDT) In-Reply-To: References: <4A1D9EC5.3020006@vwsoft.com> Date: Thu, 28 May 2009 01:04:03 +0300 Message-ID: From: Dan Naumov To: Michael Jung , volker@vwsoft.com Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-geom@freebsd.org Subject: Re: Re: GELI encryption - CPU requirements? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 22:04:05 -0000 Wow, when I thought things couldn't get any better, people surprise me :) Volker, could I bug you for another set of Intel Atom results for AES and Blowfish, bu this time with -multi 4? Thanks! - Dan Naumov On Thu, May 28, 2009 at 12:41 AM, Michael Jung wrote: > FWIW: > > You need to use the "-multi " switch for multi-core/multi-proc= essors > > #openssl speed aes > CPU: Dual-Core AMD Opteron(tm) Processor 2216 (2394.02-MHz 686-class CPU) > FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs > =A0cpu0 (BSP): APIC ID: =A00 > =A0cpu1 (AP): APIC ID: =A01 > =A0cpu2 (AP): APIC ID: =A02 > =A0cpu3 (AP): APIC ID: =A03 > 7.0-RELEASE > > type =A0 =A0 =A0 =A0 =A0 =A0 16 bytes =A0 =A0 64 bytes =A0 =A0256 bytes = =A0 1024 bytes =A0 8192 bytes > aes-128 cbc =A0 =A0 =A051067.07k =A0 =A051552.36k =A0 =A052142.46k =A0 = =A052158.35k =A0 =A052302.93k > aes-192 cbc =A0 =A0 =A044284.34k =A0 =A045152.29k =A0 =A045648.03k =A0 = =A045653.66k =A0 =A045784.30k > aes-256 cbc =A0 =A0 =A039358.18k =A0 =A039717.28k =A0 =A040087.25k =A0 = =A040117.40k =A0 =A040196.85k > > Same machine with multi switch > > #openssl speed aes -multi 4 > aes-128 cbc =A0 =A0 204173.66k =A0 205888.69k =A0 208489.35k =A0 208569.5= 3k =A0 209142.85k > aes-192 cbc =A0 =A0 176980.36k =A0 180404.81k =A0 182537.84k =A0 182469.9= 1k =A0 183064.72k > aes-256 cbc =A0 =A0 157313.97k =A0 158619.06k =A0 160317.78k =A0 160399.1= 9k =A0 160746.01k > > --mikej > > -----Original Message----- > From: owner-freebsd-geom@freebsd.org [mailto:owner-freebsd-geom@freebsd.o= rg] On Behalf Of Dan Naumov > Sent: Wednesday, May 27, 2009 4:41 PM > To: freebsd-geom@freebsd.org > Subject: Re: Re: GELI encryption - CPU requirements? > > Wow, so on a dual core Atom, I would essentially be bottlenecked by my > CPU at 18 MB/s throughput? I guess that puts GELI encryption > completely out of the question and I need to look into some other > solution :( > > > - Dan Naumov > > > >> For reference, here're the values taken on a dual core Atom: >> >> type =A0 =A0 =A0 =A0 =A0 =A0 16 bytes =A0 =A0 64 bytes =A0 =A0256 bytes = =A0 1024 bytes =A0 8192 >> bytes >> aes-128 cbc =A0 =A0 =A017947.16k =A0 =A018502.91k =A0 =A018703.91k =A0 = =A018271.91k >> 18955.39k >> >> aes-192 cbc =A0 =A0 =A016404.93k =A0 =A015966.46k =A0 =A016615.41k =A0 = =A016115.26k >> 16466.56k >> >> aes-256 cbc =A0 =A0 =A013711.70k =A0 =A014016.79k =A0 =A014342.35k =A0 = =A014109.98k >> 14738.16k >> >> >> FreeBSD dardanos 7.2-STABLE FreeBSD 7.2-STABLE #10 r192673: Sun May 24 >> 10:22:05 CEST 2009 >> >> CPU: Intel(R) Atom(TM) CPU =A0330 =A0 @ 1.60GHz (1618.44-MHz 686-class C= PU) >> =A0Origin =3D "GenuineIntel" =A0Id =3D 0x106c2 =A0Stepping =3D 2 >> >> Features=3D0xbfe9fbff >> =A0Features2=3D0x40e31d> >> =A0AMD Features=3D0x20100000 >> =A0AMD Features2=3D0x1 >> =A0Cores per package: 2 >> =A0Logical CPUs per core: 2 >> real memory =A0=3D 2137391104 (2038 MB) >> avail memory =3D 2077528064 (1981 MB) >> ACPI APIC Table: >> FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs >> =A0cpu0 (BSP): APIC ID: =A00 >> =A0cpu1 (AP/HT): APIC ID: =A01 >> =A0cpu2 (AP): APIC ID: =A02 >> =A0cpu3 (AP/HT): APIC ID: =A03 >> ioapic0: Changing APIC ID to 2 >> ioapic0 irqs 0-23 on motherboard >> kbd1 at kbdmux0 >> cryptosoft0: on motherboard > _______________________________________________ > freebsd-geom@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-geom > To unsubscribe, send any mail to "freebsd-geom-unsubscribe@freebsd.org" > > CONFIDENTIALITY NOTE: This message is intended only for the use > of the individual or entity to whom it is addressed and may contain > information that is privileged, confidential, and exempt from > disclosure under applicable law. If the reader of this message is > not the intended recipient, you are hereby notified that any > dissemination, distribution or copying of this communication > is strictly prohibited. If you have received this transmission > in error, please notify us by telephone at (502) 212-4001 or > notify us at PAI , Dept. 99, 11857 Commonwealth Drive, > Louisville, KY =A040299. =A0Thank you. > From owner-freebsd-geom@FreeBSD.ORG Wed May 27 22:50:16 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6BB0E106566B for ; Wed, 27 May 2009 22:50:16 +0000 (UTC) (envelope-from ac@belngo.info) Received: from mail-ew0-f212.google.com (mail-ew0-f212.google.com [209.85.219.212]) by mx1.freebsd.org (Postfix) with ESMTP id 080258FC20 for ; Wed, 27 May 2009 22:50:15 +0000 (UTC) (envelope-from ac@belngo.info) Received: by ewy8 with SMTP id 8so1340555ewy.43 for ; Wed, 27 May 2009 15:50:15 -0700 (PDT) MIME-Version: 1.0 Received: by 10.210.16.11 with SMTP id 11mr337480ebp.12.1243464614970; Wed, 27 May 2009 15:50:14 -0700 (PDT) In-Reply-To: <20090527175613.1b92c217@gumby.homeunix.com> References: <20090527175613.1b92c217@gumby.homeunix.com> Date: Thu, 28 May 2009 01:50:14 +0300 Message-ID: <5709ce310905271550j28fc6254t5ee2960f84c50e7b@mail.gmail.com> From: Alaksiej C To: freebsd-geom@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: Questions on GELI encryption X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 22:50:16 -0000 > 1) Is there any basis for the claims that in the event > of a failure (power outage, slowly dying drive, etc) > that one is much more likely to lose ALL his data > when using encryption vs not using any encryption? > The argument is that when you have a non-encrypted Dan, The only "wrong" place, which if damaged will make your encrypted data unusable is control block (metadata). As it was mentioned before, you can back it up with "geli backup" command. Though, if data is really valuable, it would be better to do backup copies of it regularly regardless of encryption. And if you do, than, speaking about probability of irreparable data loss, there's no difference between encrypted and unencrypted HDD, slice etc. From owner-freebsd-geom@FreeBSD.ORG Wed May 27 23:02:50 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 25330106566B for ; Wed, 27 May 2009 23:02:50 +0000 (UTC) (envelope-from ac@belngo.info) Received: from mail-ew0-f212.google.com (mail-ew0-f212.google.com [209.85.219.212]) by mx1.freebsd.org (Postfix) with ESMTP id B2E3F8FC17 for ; Wed, 27 May 2009 23:02:49 +0000 (UTC) (envelope-from ac@belngo.info) Received: by ewy8 with SMTP id 8so1346774ewy.43 for ; Wed, 27 May 2009 16:02:48 -0700 (PDT) MIME-Version: 1.0 Received: by 10.210.16.11 with SMTP id 11mr341500ebp.12.1243465368585; Wed, 27 May 2009 16:02:48 -0700 (PDT) In-Reply-To: <5709ce310905271550j28fc6254t5ee2960f84c50e7b@mail.gmail.com> References: <20090527175613.1b92c217@gumby.homeunix.com> <5709ce310905271550j28fc6254t5ee2960f84c50e7b@mail.gmail.com> Date: Thu, 28 May 2009 02:02:48 +0300 Message-ID: <5709ce310905271602s5144f877ra487867098785dc2@mail.gmail.com> From: Alaksiej C To: freebsd-geom@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: Questions on GELI encryption X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 23:02:50 -0000 On Thu, May 28, 2009 at 1:50 AM, Alaksiej C wrote: > Though, if data is really valuable, it would be better to do backup > copies of it regularly regardless of encryption. And if you do, than, > speaking about probability of irreparable data loss, there's no > difference between encrypted and unencrypted HDD, slice etc. > Well, to say more precisely, there's a possibility of losing "last-minute data", which couldn't be recovered from copies, so it's better to backup both data and GELI metadata. In this case, I believe, you will have the same level of repairability as for unencrypted drive. From owner-freebsd-geom@FreeBSD.ORG Thu May 28 00:05:12 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 20E441065672 for ; Thu, 28 May 2009 00:05:12 +0000 (UTC) (envelope-from mikej@paymentallianceintl.com) Received: from mx2.confluenttech.com (mx2.confluentasp.com [216.26.153.14]) by mx1.freebsd.org (Postfix) with ESMTP id D66778FC13 for ; Thu, 28 May 2009 00:05:10 +0000 (UTC) (envelope-from mikej@paymentallianceintl.com) Received: from calvin.pai.local (calvin.pai.local [10.0.6.33]) by mx2.confluenttech.com (8.14.1/8.13.8) with ESMTP id n4RLf97N009528; Wed, 27 May 2009 17:41:09 -0400 (EDT) (envelope-from mikej@paymentallianceintl.com) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Wed, 27 May 2009 17:41:10 -0400 Message-ID: Importance: normal Priority: normal In-Reply-To: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Re: GELI encryption - CPU requirements? thread-index: AcnfC4qRZ444SbVuTROWhR/5Cyb26QACCFSA References: <4A1D9EC5.3020006@vwsoft.com> From: "Michael Jung" To: "Dan Naumov" , Cc: Subject: RE: Re: GELI encryption - CPU requirements? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 00:05:12 -0000 FWIW:=20 You need to use the "-multi " switch for = multi-core/multi-processors #openssl speed aes CPU: Dual-Core AMD Opteron(tm) Processor 2216 (2394.02-MHz 686-class = CPU) FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 cpu2 (AP): APIC ID: 2 cpu3 (AP): APIC ID: 3 7.0-RELEASE type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 = bytes aes-128 cbc 51067.07k 51552.36k 52142.46k 52158.35k = 52302.93k aes-192 cbc 44284.34k 45152.29k 45648.03k 45653.66k = 45784.30k aes-256 cbc 39358.18k 39717.28k 40087.25k 40117.40k = 40196.85k Same machine with multi switch #openssl speed aes -multi 4 aes-128 cbc 204173.66k 205888.69k 208489.35k 208569.53k = 209142.85k aes-192 cbc 176980.36k 180404.81k 182537.84k 182469.91k = 183064.72k aes-256 cbc 157313.97k 158619.06k 160317.78k 160399.19k = 160746.01k --mikej -----Original Message----- From: owner-freebsd-geom@freebsd.org = [mailto:owner-freebsd-geom@freebsd.org] On Behalf Of Dan Naumov Sent: Wednesday, May 27, 2009 4:41 PM To: freebsd-geom@freebsd.org Subject: Re: Re: GELI encryption - CPU requirements? Wow, so on a dual core Atom, I would essentially be bottlenecked by my CPU at 18 MB/s throughput? I guess that puts GELI encryption completely out of the question and I need to look into some other solution :( - Dan Naumov > For reference, here're the values taken on a dual core Atom: > > type 16 bytes 64 bytes 256 bytes 1024 bytes = 8192 > bytes > aes-128 cbc 17947.16k 18502.91k 18703.91k 18271.91k > 18955.39k > > aes-192 cbc 16404.93k 15966.46k 16615.41k 16115.26k > 16466.56k > > aes-256 cbc 13711.70k 14016.79k 14342.35k 14109.98k > 14738.16k > > > FreeBSD dardanos 7.2-STABLE FreeBSD 7.2-STABLE #10 r192673: Sun May 24 > 10:22:05 CEST 2009 > > CPU: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (1618.44-MHz 686-class = CPU) > Origin =3D "GenuineIntel" Id =3D 0x106c2 Stepping =3D 2 > > = Features=3D0xbfe9fbff > = Features2=3D0x40e31d> > AMD Features=3D0x20100000 > AMD Features2=3D0x1 > Cores per package: 2 > Logical CPUs per core: 2 > real memory =3D 2137391104 (2038 MB) > avail memory =3D 2077528064 (1981 MB) > ACPI APIC Table: > FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs > cpu0 (BSP): APIC ID: 0 > cpu1 (AP/HT): APIC ID: 1 > cpu2 (AP): APIC ID: 2 > cpu3 (AP/HT): APIC ID: 3 > ioapic0: Changing APIC ID to 2 > ioapic0 irqs 0-23 on motherboard > kbd1 at kbdmux0 > cryptosoft0: on motherboard _______________________________________________ freebsd-geom@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-geom To unsubscribe, send any mail to "freebsd-geom-unsubscribe@freebsd.org" CONFIDENTIALITY NOTE: This message is intended only for the use of the individual or entity to whom it is addressed and may contain=20 information that is privileged, confidential, and exempt from=20 disclosure under applicable law. If the reader of this message is=20 not the intended recipient, you are hereby notified that any=20 dissemination, distribution or copying of this communication=20 is strictly prohibited. If you have received this transmission=20 in error, please notify us by telephone at (502) 212-4001 or=20 notify us at PAI , Dept. 99, 11857 Commonwealth Drive,=20 Louisville, KY 40299. Thank you. From owner-freebsd-geom@FreeBSD.ORG Thu May 28 22:14:04 2009 Return-Path: Delivered-To: freebsd-geom@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AD6C91065674; Thu, 28 May 2009 22:14:04 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 834A08FC13; Thu, 28 May 2009 22:14:04 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4SME4UY075961; Thu, 28 May 2009 22:14:04 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4SME4gY075951; Thu, 28 May 2009 22:14:04 GMT (envelope-from linimon) Date: Thu, 28 May 2009 22:14:04 GMT Message-Id: <200905282214.n4SME4gY075951@freefall.freebsd.org> To: linimon@FreeBSD.org, pjd@FreeBSD.org, freebsd-geom@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/116896: [geom] [patch] Typo in a kassert in GEOM X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 22:14:04 -0000 Old Synopsis: [patch] Typo in a kassert in GEOM New Synopsis: [geom] [patch] Typo in a kassert in GEOM Responsible-Changed-From-To: pjd->freebsd-geom Responsible-Changed-By: linimon Responsible-Changed-When: Thu May 28 22:10:40 UTC 2009 Responsible-Changed-Why: pjd is not actively working on GEOM at the moment. Apparently this fix still needs to be MFCed. http://www.freebsd.org/cgi/query-pr.cgi?pr=116896 From owner-freebsd-geom@FreeBSD.ORG Thu May 28 22:14:39 2009 Return-Path: Delivered-To: freebsd-geom@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 139CB1065670; Thu, 28 May 2009 22:14:39 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id DF2B98FC14; Thu, 28 May 2009 22:14:38 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4SMEcUI076350; Thu, 28 May 2009 22:14:38 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4SMEcLP076346; Thu, 28 May 2009 22:14:38 GMT (envelope-from linimon) Date: Thu, 28 May 2009 22:14:38 GMT Message-Id: <200905282214.n4SMEcLP076346@freefall.freebsd.org> To: linimon@FreeBSD.org, pjd@FreeBSD.org, freebsd-geom@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: bin/81779: misleading error messages in geom(8) utilities. X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 22:14:39 -0000 Synopsis: misleading error messages in geom(8) utilities. Responsible-Changed-From-To: pjd->freebsd-geom Responsible-Changed-By: linimon Responsible-Changed-When: Thu May 28 22:14:18 UTC 2009 Responsible-Changed-Why: pjd is not actively working on GEOM at the moment. http://www.freebsd.org/cgi/query-pr.cgi?pr=81779 From owner-freebsd-geom@FreeBSD.ORG Thu May 28 22:15:02 2009 Return-Path: Delivered-To: freebsd-geom@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EDED2106566B; Thu, 28 May 2009 22:15:02 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C42D08FC19; Thu, 28 May 2009 22:15:02 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4SMF2HJ076404; Thu, 28 May 2009 22:15:02 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4SMF2qf076400; Thu, 28 May 2009 22:15:02 GMT (envelope-from linimon) Date: Thu, 28 May 2009 22:15:02 GMT Message-Id: <200905282215.n4SMF2qf076400@freefall.freebsd.org> To: linimon@FreeBSD.org, pjd@FreeBSD.org, freebsd-geom@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/88601: [geli] geli cause kernel panic under heavy disk usage X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 22:15:03 -0000 Synopsis: [geli] geli cause kernel panic under heavy disk usage Responsible-Changed-From-To: pjd->freebsd-geom Responsible-Changed-By: linimon Responsible-Changed-When: Thu May 28 22:14:45 UTC 2009 Responsible-Changed-Why: pjd is not actively working on GEOM at the moment. http://www.freebsd.org/cgi/query-pr.cgi?pr=88601 From owner-freebsd-geom@FreeBSD.ORG Thu May 28 22:15:30 2009 Return-Path: Delivered-To: freebsd-geom@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 77097106564A; Thu, 28 May 2009 22:15:30 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 4D4158FC1C; Thu, 28 May 2009 22:15:30 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4SMFU7P076456; Thu, 28 May 2009 22:15:30 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4SMFUlj076452; Thu, 28 May 2009 22:15:30 GMT (envelope-from linimon) Date: Thu, 28 May 2009 22:15:30 GMT Message-Id: <200905282215.n4SMFUlj076452@freefall.freebsd.org> To: linimon@FreeBSD.org, pjd@FreeBSD.org, freebsd-geom@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/113885: [gmirror] [patch] improved gmirror balance algorithm X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 22:15:30 -0000 Synopsis: [gmirror] [patch] improved gmirror balance algorithm Responsible-Changed-From-To: pjd->freebsd-geom Responsible-Changed-By: linimon Responsible-Changed-When: Thu May 28 22:15:15 UTC 2009 Responsible-Changed-Why: pjd is not actively working on GEOM at the moment. http://www.freebsd.org/cgi/query-pr.cgi?pr=113885 From owner-freebsd-geom@FreeBSD.ORG Thu May 28 22:15:53 2009 Return-Path: Delivered-To: freebsd-geom@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D0F7E1065670; Thu, 28 May 2009 22:15:53 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id A6AD68FC14; Thu, 28 May 2009 22:15:53 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4SMFrjk076505; Thu, 28 May 2009 22:15:53 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4SMFrdU076501; Thu, 28 May 2009 22:15:53 GMT (envelope-from linimon) Date: Thu, 28 May 2009 22:15:53 GMT Message-Id: <200905282215.n4SMFrdU076501@freefall.freebsd.org> To: linimon@FreeBSD.org, pjd@FreeBSD.org, freebsd-geom@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/115856: [geli] ZFS thought it was degraded when it should have been faulted X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 22:15:54 -0000 Synopsis: [geli] ZFS thought it was degraded when it should have been faulted Responsible-Changed-From-To: pjd->freebsd-geom Responsible-Changed-By: linimon Responsible-Changed-When: Thu May 28 22:15:43 UTC 2009 Responsible-Changed-Why: pjd is not actively working on GEOM at the moment. http://www.freebsd.org/cgi/query-pr.cgi?pr=115856 From owner-freebsd-geom@FreeBSD.ORG Thu May 28 22:16:40 2009 Return-Path: Delivered-To: freebsd-geom@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 96400106567F; Thu, 28 May 2009 22:16:40 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 6B8E58FC17; Thu, 28 May 2009 22:16:40 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4SMGel0076559; Thu, 28 May 2009 22:16:40 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4SMGeNM076555; Thu, 28 May 2009 22:16:40 GMT (envelope-from linimon) Date: Thu, 28 May 2009 22:16:40 GMT Message-Id: <200905282216.n4SMGeNM076555@freefall.freebsd.org> To: ota@j.email.ne.jp, linimon@FreeBSD.org, pjd@FreeBSD.org, freebsd-geom@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/120091: [geom] [geli] [gjournal] geli does not prompt for password on /dev/concat/XXX.eli.journal X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 22:16:40 -0000 Synopsis: [geom] [geli] [gjournal] geli does not prompt for password on /dev/concat/XXX.eli.journal State-Changed-From-To: feedback->open State-Changed-By: linimon State-Changed-When: Thu May 28 22:16:01 UTC 2009 State-Changed-Why: Note that feedback was received some time ago. Responsible-Changed-From-To: pjd->freebsd-geom Responsible-Changed-By: linimon Responsible-Changed-When: Thu May 28 22:16:01 UTC 2009 Responsible-Changed-Why: pjd is not actively working on GEOM at the moment. http://www.freebsd.org/cgi/query-pr.cgi?pr=120091 From owner-freebsd-geom@FreeBSD.ORG Thu May 28 22:16:58 2009 Return-Path: Delivered-To: freebsd-geom@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 38CB2106566B; Thu, 28 May 2009 22:16:58 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id CD4A98FC15; Thu, 28 May 2009 22:16:57 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4SMGvVF076609; Thu, 28 May 2009 22:16:57 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4SMGvUi076605; Thu, 28 May 2009 22:16:57 GMT (envelope-from linimon) Date: Thu, 28 May 2009 22:16:57 GMT Message-Id: <200905282216.n4SMGvUi076605@freefall.freebsd.org> To: linimon@FreeBSD.org, pjd@FreeBSD.org, freebsd-geom@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/121481: [gmirror] data rot on disk with gmirror X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 22:16:58 -0000 Synopsis: [gmirror] data rot on disk with gmirror Responsible-Changed-From-To: pjd->freebsd-geom Responsible-Changed-By: linimon Responsible-Changed-When: Thu May 28 22:16:48 UTC 2009 Responsible-Changed-Why: pjd is not actively working on GEOM at the moment. http://www.freebsd.org/cgi/query-pr.cgi?pr=121481 From owner-freebsd-geom@FreeBSD.ORG Thu May 28 22:17:15 2009 Return-Path: Delivered-To: freebsd-geom@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6DDD3106566B; Thu, 28 May 2009 22:17:15 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 43DF88FC19; Thu, 28 May 2009 22:17:15 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4SMHFb7076661; Thu, 28 May 2009 22:17:15 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4SMHFXM076657; Thu, 28 May 2009 22:17:15 GMT (envelope-from linimon) Date: Thu, 28 May 2009 22:17:15 GMT Message-Id: <200905282217.n4SMHFXM076657@freefall.freebsd.org> To: linimon@FreeBSD.org, pjd@FreeBSD.org, freebsd-geom@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/122738: [geom] gmirror list "losts consumers" after gmirror deactivate command X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 22:17:15 -0000 Synopsis: [geom] gmirror list "losts consumers" after gmirror deactivate command Responsible-Changed-From-To: pjd->freebsd-geom Responsible-Changed-By: linimon Responsible-Changed-When: Thu May 28 22:17:06 UTC 2009 Responsible-Changed-Why: pjd is not actively working on GEOM at the moment. http://www.freebsd.org/cgi/query-pr.cgi?pr=122738 From owner-freebsd-geom@FreeBSD.ORG Thu May 28 22:18:58 2009 Return-Path: Delivered-To: freebsd-geom@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9F046106566C; Thu, 28 May 2009 22:18:58 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 74BE68FC0A; Thu, 28 May 2009 22:18:58 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4SMIwfN076734; Thu, 28 May 2009 22:18:58 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4SMIw9e076730; Thu, 28 May 2009 22:18:58 GMT (envelope-from linimon) Date: Thu, 28 May 2009 22:18:58 GMT Message-Id: <200905282218.n4SMIw9e076730@freefall.freebsd.org> To: linimon@FreeBSD.org, pjd@FreeBSD.org, freebsd-geom@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: docs/130548: [patch] gjournal(8) man page is missing sysctls X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 22:18:58 -0000 Synopsis: [patch] gjournal(8) man page is missing sysctls Responsible-Changed-From-To: pjd->freebsd-geom Responsible-Changed-By: linimon Responsible-Changed-When: Thu May 28 22:17:23 UTC 2009 Responsible-Changed-Why: pjd is not actively working on GEOM at the moment. http://www.freebsd.org/cgi/query-pr.cgi?pr=130548 From owner-freebsd-geom@FreeBSD.ORG Fri May 29 19:40:06 2009 Return-Path: Delivered-To: freebsd-geom@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CFA6A1065689 for ; Fri, 29 May 2009 19:40:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id A2B428FC14 for ; Fri, 29 May 2009 19:40:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4TJe6mf093460 for ; Fri, 29 May 2009 19:40:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4TJe6Ar093459; Fri, 29 May 2009 19:40:06 GMT (envelope-from gnats) Date: Fri, 29 May 2009 19:40:06 GMT Message-Id: <200905291940.n4TJe6Ar093459@freefall.freebsd.org> To: freebsd-geom@FreeBSD.org From: dfilter@FreeBSD.ORG (dfilter service) Cc: Subject: Re: kern/116896: commit references a PR X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 May 2009 19:40:07 -0000 The following reply was made to PR kern/116896; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/116896: commit references a PR Date: Fri, 29 May 2009 19:37:26 +0000 (UTC) Author: lulf Date: Fri May 29 19:37:17 2009 New Revision: 193053 URL: http://svn.freebsd.org/changeset/base/193053 Log: MFC r179097: - Assert that we don't send new provider event for a provider which has G_PF_WITHER flag set. - Fix typo in assertion condition (sorry, but I forgot who report that). MFC r179151: Force commit to note, that the typo in KASSERT() was: PR: kern/116896 Reported by: VANHULLEBUS Yvan Modified: stable/7/sys/ (props changed) stable/7/sys/contrib/pf/ (props changed) stable/7/sys/dev/ath/ath_hal/ (props changed) stable/7/sys/dev/cxgb/ (props changed) stable/7/sys/geom/geom_subr.c Modified: stable/7/sys/geom/geom_subr.c ============================================================================== --- stable/7/sys/geom/geom_subr.c Fri May 29 19:27:52 2009 (r193052) +++ stable/7/sys/geom/geom_subr.c Fri May 29 19:37:17 2009 (r193053) @@ -531,6 +531,8 @@ g_new_provider_event(void *arg, int flag return; pp = arg; G_VALID_PROVIDER(pp); + KASSERT(!(pp->flags & G_PF_WITHER), + ("g_new_provider_event but withered")); LIST_FOREACH(mp, &g_classes, class) { if (mp->taste == NULL) continue; @@ -620,7 +622,7 @@ g_destroy_provider(struct g_provider *pp ("g_destroy_provider but attached")); KASSERT (pp->acr == 0, ("g_destroy_provider with acr")); KASSERT (pp->acw == 0, ("g_destroy_provider with acw")); - KASSERT (pp->acw == 0, ("g_destroy_provider with ace")); + KASSERT (pp->ace == 0, ("g_destroy_provider with ace")); g_cancel_event(pp); LIST_REMOVE(pp, provider); gp = pp->geom; _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"