Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 4 Feb 2013 22:25:33 +0100
From:      mhca12 <mhca12@gmail.com>
To:        dweimer@dweimer.net
Cc:        freebsd-questions@freebsd.org
Subject:   Re: geli overhead?
Message-ID:  <CAHUOmanYfr2B0sM%2B4mtzJnwyAWXf7uLTWF8mKWSMpiqJcg6fgQ@mail.gmail.com>
In-Reply-To: <abe71e782475fd98aef8e77721e3be9b@dweimer.net>
References:  <CAHUOmamYud7md9=5yYfWvEsQZUWKHgPRUdwhUpaNae71B-nxvA@mail.gmail.com> <abe71e782475fd98aef8e77721e3be9b@dweimer.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, Feb 4, 2013 at 10:19 PM, dweimer <dweimer@dweimer.net> wrote:
> On 02/04/2013 2:56 pm, mhca12 wrote:
>>
>> Is there some overhead associated with the geli setup as
>> described earlier?
>>
>> $ df -h
>> Filesystem         Size    Used   Avail Capacity  Mounted on
>> /dev/ada0p3.eli    127G    6.9G    119G     5%    /
>> devfs              1.0k    1.0k      0B   100%    /dev
>> /dev/gpt/boot      991M    339M    642M    35%    /bootdir
>> $ gpart show
>> =>       34  312581741  ada0  GPT  (149G)
>>          34        128     1  freebsd-boot  (64k)
>>         162    2097152     2  freebsd-ufs  (1.0G)
>>     2097314  310484461     3  freebsd-ufs  (148G)
>>
>> Where did 21G from the 148G go?
>>
>> As suggested in dan.me.uk geli install guide I used geli init -a
>> HMAC/SHA256
>> and also ran dd if=/dev/zero of=/dev/gpt/enc.eli across the eli volume.
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscribe@freebsd.org"
>
>
> Did you use the -a option when doing the geli init?
>
>
>  -a aalgo        Enable data integrity verification (authenti-
>                                 cation) using the given algorithm.  This
> will
>                                 reduce size of available storage and also
>                                 reduce speed.  For example, when using 4096
>                                 bytes sector and HMAC/SHA256 algorithm, 89%
> of
>                                 the original provider storage will be avail-
>                                 able for use.  Currently supported
> algorithms
>                                 are: HMAC/MD5, HMAC/SHA1, HMAC/RIPEMD160,
>                                 HMAC/SHA256, HMAC/SHA384 and HMAC/SHA512.
> If
>                                 the option is not given, there will be no
>                                 authentication, only encryption.  The recom-
>                                 mended algorithm is HMAC/SHA256.

Yes I did (see above).

Do I have to init the volume again to skip authentication?

Does skipping authentication also remove the requirement of
zeroing the whole eli disk for the checksums?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHUOmanYfr2B0sM%2B4mtzJnwyAWXf7uLTWF8mKWSMpiqJcg6fgQ>