From owner-freebsd-geom@FreeBSD.ORG Mon Jan 9 22:42:24 2012 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 85D4C106566B for ; Mon, 9 Jan 2012 22:42:24 +0000 (UTC) (envelope-from pawel@dawidek.net) Received: from mail.dawidek.net (60.wheelsystems.com [83.12.187.60]) by mx1.freebsd.org (Postfix) with ESMTP id EF9E08FC0C for ; Mon, 9 Jan 2012 22:42:23 +0000 (UTC) Received: from localhost (89-73-195-149.dynamic.chello.pl [89.73.195.149]) by mail.dawidek.net (Postfix) with ESMTPSA id A9446A0C; Mon, 9 Jan 2012 23:25:31 +0100 (CET) Date: Mon, 9 Jan 2012 23:24:24 +0100 From: Pawel Jakub Dawidek To: Nathan Wehr Message-ID: <20120109222423.GA1801@garage.freebsd.pl> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="SLDf9lqlvOQaIe6s" Content-Disposition: inline In-Reply-To: X-OS: FreeBSD 9.0-CURRENT amd64 User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-geom@freebsd.org Subject: Re: Lost geli metadata X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Jan 2012 22:42:24 -0000 --SLDf9lqlvOQaIe6s Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jan 09, 2012 at 10:52:24AM -0500, Nathan Wehr wrote: > I have FreeBSD 8.0 installed on a machine with geli encrypting one of the= hard drives. Most of what's on the drive I can live without, but there are= a few important items that, unfortunately, don't exist elsewhere. When I t= ry to attach the drive, I get the following message: >=20 > [root@baxter ~/]# geli attach -k /root/ad4.key /dev/ad4 > [root@baxter ~/]# Enter Passphrase: (I enter passphrase no problem, geli = seems to attach) >=20 > [root@baxter ~/]# mount /dev/ad4.eli /private > mount: /dev/ad4.eli : No such file or directory <-- This is the problem >=20 > The rest of this sad story is really just a long list of me making stupid= mistakes. Here's a bit of history that might be helpful: >=20 > Mistake #1: Store non-backedup data on a backup drive that's encrypted.= =20 >=20 > If I hadn't of made Mistake #1, losing all of my data would be far less h= eart-wrenching. However - and unfortunately - my mistakes do not end there.= To start out with, I took out the CD/DVD drive from the machine to install= it in a different one. After I did that, the drive label for the encrypted= drive changed from ad4 to ad2. And of course geli wouldn't attach the driv= e and so I tried to use glabel. Needless to say, glabel didn't work. After = that, I backed up the meta data (more like overwrote meta data that was alr= eady backed up when I originally encrypted the drive) that geli puts on the= drive and then try to restore it after I insert the CD/DVD drive.=20 >=20 > This didn't work, and with a little bit of research, I found out that bot= h geli and glabel both write data to the same place on the hard drive (the = last sector). Which means that the backed up meta data which is at /var/bac= kups/ad4.eli now contains data for glabel instead of geli. I read somewhere= that the meta data for geli contains key information which doesn't make se= nse to me because I have the key stored at /root/ad4.key. So, my question..= =2E Is there any hope at recovering the information on the drive? If so, ho= w? And, if not, why? The /root/ad4.key file contains only a key that is being used to decrypt the master key, which is stored in provider's last sector. Ok, first of all, when you attach ad4 and it asks you for a passphrase, it means that metadata is there. What is the output of: # geli dump /dev/ad4 | head and what is the output after attaching of: # diskinfo -v /dev/ad4.eli Also note that geli automatically creates metadata backup on 'geli init' and stores it in /var/backups/ directory. Can you take a look if you have files with .eli suffix on the machine you initialized geli for this disk? --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://yomoli.com --SLDf9lqlvOQaIe6s Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iEYEARECAAYFAk8LaRcACgkQForvXbEpPzQjUACfVM5S7CuLrWAJr6NoQ5JOF7gM mE0AnjO9jLhwAbI+QdsCXlD0Zbdb0CUW =cSGV -----END PGP SIGNATURE----- --SLDf9lqlvOQaIe6s--