Date:      Sun, 4 Apr 2004 21:42:46 -0400
From:      Allan Fields <bsd@afields.ca>
To:        mmarkows@twcny.rr.com
Cc:        freebsd-geom@freebsd.org
Subject:   Re: how ro recover encrypted slice
Message-ID:  <20040405014246.GN93496@afields.ca>
In-Reply-To: <c3421fc3355c.c3355cc3421f@nyroc.rr.com>
References:  <c3421fc3355c.c3355cc3421f@nyroc.rr.com>

On Sun, Apr 04, 2004 at 06:42:33PM -0400, mmarkows@twcny.rr.com wrote:
> Hi,
> 
> I mounted a GEOM-encrypted slice to /home2 and stored all my data there. Two days ago, I decided to update my FreeBSD from 5.2 to 5.2.1. I have done it several times before, so I felt self-assured. I backed up my config files, forgetting unfortunately about /etc/gbde/ad1s2.

From what you've stated it's clear that:
  a) You used a lock selector file (alternative is to use the first block of device)
  b) You've unlinked your lock file
  c) There has been the possibility you've over-written the blocks containing lock file data
  d) You know your master key still (this is good news)

It's not clear what you did to initialize the device:
  a) filled it with random data (more secure/harder to bf) or not?
  b) what parameters if any you used while initializing GBDE device


(I know this blurb isn't what you're interested in hearing at this stage,
but bear with me:)

I would recommend in the future you keep a backup copy of the lock
files and/or write down the provided lock sector addresses and
possibly even store a backup of the master key in a safe location
(if this meets your security requirements).

An encrypted device brings with it risks that must be taken into
account: your first question should be "do I have back-ups?" (Which
could be encrypted for example with a different key or even a
different system.)  If you do, you can simply re-create the device,
then restore from the backups.


Right, so now, what can be done in your current situation?

The best case is that you can still recover the lock file from your
root slice or have a backup somewhere that you've forgotten about.

Otherwise, you'll need to try to find the lock sectors on the
device via brute force.

The gbde architecture is outlined in phk's gbde paper from BSDCon2003: if
you haven't already taken a look at that paper, I would suggest you
do now.  Especially of interest is Section 7.2 about sector mapping.

Basically you'd be searching the disk surface and it won't be
something easy to do.  Depending on how large your disk is, you
need to find the lock sectors from the rest, which could take many
hours or days even with the master key and it may require some
intimate knowledge about the gbde code.

(geom folks: feel free to correct me on anything I've mentioned,
above.)

> During the update procedure my system was messed up to the extent that it seemed reasonable to do a clean install of 5.2.1. I did it without saving /etc/gbde/ad1s2, and without touching the encrypted slice.
> 
> Now, I am in a predicament because I cannot access my files that I need for my work tomorrow. I know that I messed up, but my last backup is 3 weeks old, and essentially it is no good any more.
> 
> Is there any way to recover the data? I have 13 hours to do it.

It's remotely possible you'll be able to get this data back. Rushing
definitely won't help you in these types of situations; you'll end up
making more mistakes.  Especially important is to keep the server
down until you have resolved the problem and make a dump of your root
partition or the whole disk in its current state.  If the server
has to stay up, at least remount your root read-only for now and
hope that you will be able to recover your lock selector file.


> Thank you for your time.
> 
> Maciej.

Best of luck,
--
 Allan Fields                                       _.^.  ,_ ,. ._ .
 Afields Research/AFRSL - http://afields.ca        <,'/-\/- /\'_| /_
 BSDCan: May 2004, Ottawa - http://www.bsdcan.org   `'|'====-=--- -- -
                                                      `---- -- -


