From: grarpamp
To: freebsd-geom@freebsd.org
Date: Sun, 17 Oct 2010 18:59:21 -0400
Subject: GELI XTS

Is this headed/ready for RELENG_8?
Will be initializing a good sized pile of disk before long and was hoping to go with XTS, etc.

Also, in general, is there any sort of third party crypto/implementation review on geli and the related kernel crypto bits?

Thanks.

/head/sys/geom/eli/g_eli_crypto.c ...
Revision 213070 etc
Modified Thu Sep 23 11:58:36 2010 UTC (3 weeks, 3 days ago) by pjd

Add support for AES-XTS. This will be the default now.

Implement switching of data encryption key every 2^20 blocks.
This ensures the same encryption key won't be used for more than 2^20 blocks (sectors). This will be the default now.

MFC after: 1 week

/head/sbin/geom/class/eli/geom_eli.c
/head/sbin/geom/class/eli/geli.8 ...
Revision 213172 etc
Modified Sat Sep 25 17:38:57 2010 UTC (3 weeks, 1 day ago) by pjd

- Add support for loading passphrase from a file (-J and -j options).
  This is especially useful for things like installers, where regular geli prompt can't be used.
- Add support for specifying multiple -K or -k options, so there is no need to cat all keyfiles and read them from standard input.

MFC after: 2 weeks