Date: Fri, 10 Jun 2011 07:31:27 +0200
From: Pawel Jakub Dawidek
To: Robert Simmons
Cc: freebsd-geom@freebsd.org
Subject: Re: data integrity verification using geli
Message-ID: <20110610053127.GB2433@garage.freebsd.pl>

On Thu, Jun 09, 2011 at 10:51:18PM -0400, Robert Simmons wrote:
> Does data integrity verification work if I encrypt a partition using
> geli(8)? When I created a provider, I just happened to peek at the
> dmesg and I noticed a large number of errors reported after creating
> the eli device. All are variations of the following:
> GEOM_ELI: ad6p4.eli: 512 bytes corrupted at offset 3221224960
> GEOM_ELI: ad6p4.eli: 8192 bytes corrupted at offset 65536

This is because the data is not yet initialized. You have some random
data that surely are not properly signed. In the example section of
the geli(8) manual page you can find that there is a step to initialize
the provider's data:

	# dd if=/dev/random of=/dev/da0.eli bs=1m

This way GELI has a chance to sign all the blocks.

I guess it would be good to advise this step after 'geli init' the same
way we inform about backups.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://yomoli.com