Date: Mon, 5 Jul 2004 15:26:18 -0400 From: Allan Fields <bsd@afields.ca> To: tthorsten@yahoo.de Cc: freebsd-geom@freebsd.org Subject: Re: Problem in attaching newly encrypted disk Message-ID: <20040705192618.GB74224@afields.ca> In-Reply-To: <Pine.NEB.4.60.0407051925140.18543@otaku.freeshell.org> References: <Pine.NEB.4.60.0407051813340.29828@otaku.freeshell.org> <20040705165030.GD70272@afields.ca> <Pine.NEB.4.60.0407051925140.18543@otaku.freeshell.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 05, 2004 at 07:31:55PM +0200, tthorsten@yahoo.de wrote: > >Date: Mon, 5 Jul 2004 12:50:30 -0400 > >From: Allan Fields <bsd@afields.ca> > >To: tthorsten@yahoo.de > >Cc: freebsd-geom@freebsd.org > >Subject: Re: Problem in attaching newly encrypted disk > > > >On Mon, Jul 05, 2004 at 06:26:34PM +0200, tthorsten@yahoo.de wrote: > >>Hi, > >> > >>I have a serious problem after I have done the following steps: > >> > >>Initialized new encrypted disk with > >> gbde init /dev/ad1s1c -i -L /etc/gbde/ad1s1c > >> -> sector_size = 2048 > >> -> one key > >> > >>Attached it to the kernel via > >> gbde attach ad1s1c -l /etc/gbde/ad1s1c > >> > >>Created new filesystem with > >> newfs -U /dev/ad1s1c.bde > >> > >>Mounted the filesystem with > >> mount /dev/ad1s1c.bde /dsk > >> > >>Then I put all my private data onto the newly created encrypted disk and > >>unmounted and detached it from kernel before halting the system. > >> > >>When I started the system again and tried to attach the disk again with > >> gbde attach ad1s1c -l /etc/gbde/ad1s1c > >>NOTHING HAPPENS! There will no /dev/ad1s1c.bde device there to mount. > >>The Passphrase is correct! > > > >Hmm.. you're volume may be corrupted now, see below.. Before you assume so, maybe think about the password for a while. Sometimes we can change passwords slightly depending on what hour they were entered. You can't totally rule it out that you just didn't remember / type correctly. Closer examination of the usr.sbin/gbde code and some debugging could narrow down where you are running out of luck during attach. > >>What went wrong? Does anybody have an answer or is all my data lost? > > > >Simple answer: yes, and this is one of the risks with all encrypted > >file systems. Probablly quite challenging to get it back absent > >backups. > >>I would be very happy, if anybody could help me with this. > > > >Is it possible you've written boot code on-top of the encrypted volume? > >Those strings look to belong to boot loader. > > > >You probably shouldn't have used the raw partition for the encrypted > >volume, > >next time disklabel the disk and use /dev/ad1s1a . I don't know why you > >want boot code on the second disk anyhow. > > > Hmm, seems really to be boot loader code. But I did not use fdisk or > disklabel > after creation of the encrypted disk. Maybe it isn't overwritten then and you just have boot code left-over from when you originally labeled the disk.. unless something could have over-writen, it's hard to think of other likely scenarios. > Did not know that its better to not use the raw partition :-( Well, I guess it doesn't matter unless something assumes that it can write over the first sectors containing your data. The good news is you still have your lock selector file (-L/-l). PHK: wouldn't the BDE class / GEOM prevent boot code from being written to the underlying partition (provider) if it were attached at the time? -- Allan Fields, AFRSL - http://afields.ca 2D4F 6806 D307 0889 6125 C31D F745 0D72 39B4 5541
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040705192618.GB74224>