Date: Mon, 5 Jul 2004 15:26:18 -0400
From: Allan Fields
To: tthorsten@yahoo.de
Cc: freebsd-geom@freebsd.org
Subject: Re: Problem in attaching newly encrypted disk

On Mon, Jul 05, 2004 at 07:31:55PM +0200, tthorsten@yahoo.de wrote:
> >Date: Mon, 5 Jul 2004 12:50:30 -0400
> >From: Allan Fields
> >To: tthorsten@yahoo.de
> >Cc: freebsd-geom@freebsd.org
> >Subject: Re: Problem in attaching newly encrypted disk
> >
> >On Mon, Jul 05, 2004 at 06:26:34PM +0200, tthorsten@yahoo.de wrote:
> >>Hi,
> >>
> >>I have a serious problem after I have done the following steps:
> >>
> >>Initialized new encrypted disk with
> >>  gbde init /dev/ad1s1c -i -L /etc/gbde/ad1s1c
> >>  -> sector_size = 2048
> >>  -> one key
> >>
> >>Attached it to the kernel via
> >>  gbde attach ad1s1c -l /etc/gbde/ad1s1c
> >>
> >>Created new filesystem with
> >>  newfs -U /dev/ad1s1c.bde
> >>
> >>Mounted the filesystem with
> >>  mount /dev/ad1s1c.bde /dsk
> >>
> >>Then I put all my private data onto the newly created encrypted disk and
> >>unmounted and detached it from kernel before halting the system.
> >>
> >>When I started the system again and tried to attach the disk again with
> >>  gbde attach ad1s1c -l /etc/gbde/ad1s1c
> >>NOTHING HAPPENS! There will be no /dev/ad1s1c.bde device there to mount.
> >>The Passphrase is correct!
> >
> >Hmm.. your volume may be corrupted now, see below..

Before you assume so, maybe think about the password for a while.
Sometimes we can change passwords slightly depending on what hour
they were entered. You can't totally rule it out that you just
didn't remember / type correctly.

Closer examination of the usr.sbin/gbde code and some debugging could
narrow down where you are running out of luck during attach.

> >>What went wrong? Does anybody have an answer or is all my data lost?
> >
> >Simple answer: yes, and this is one of the risks with all encrypted
> >file systems. Probably quite challenging to get it back absent
> >backups.

> >>I would be very happy, if anybody could help me with this.
> >
> >Is it possible you've written boot code on top of the encrypted volume?
> >Those strings look to belong to boot loader.
> >
> >You probably shouldn't have used the raw partition for the encrypted
> >volume,
> >next time disklabel the disk and use /dev/ad1s1a . I don't know why you
> >want boot code on the second disk anyhow.
> >
> Hmm, seems really to be boot loader code. But I did not use fdisk or
> disklabel
> after creation of the encrypted disk.

Maybe it isn't overwritten then and you just have boot code left over
from when you originally labeled the disk.. unless something could
have overwritten, it's hard to think of other likely scenarios.

> Did not know that it's better to not use the raw partition :-(

Well, I guess it doesn't matter unless something assumes that it can
write over the first sectors containing your data.

The good news is you still have your lock selector file (-L/-l).

PHK: wouldn't the BDE class / GEOM prevent boot code from being
written to the underlying partition (provider) if it were attached
at the time?

-- 
Allan Fields, AFRSL - http://afields.ca
2D4F 6806 D307 0889 6125 C31D F745 0D72 39B4 5541