From: Dan Naumov <dan.naumov@gmail.com>
To: freebsd-geom@freebsd.org
Date: Thu, 4 Jun 2009 01:11:52 +0300
Subject: GELI and dynamically sized file providers?
Hello list.

As far as I know, this feature hasn't been implemented (if it has, by all means please educate me on this) and I think it would make a really good addition to the current options for using GELI encryption on FreeBSD. What I want is to have data encrypted with GELI and kept inside an encrypted file that is held on a regular ZFS or UFS2 partition.

Now I know it is possible to just dd an arbitrarily sized block of data as a file onto the partition and use it as a provider for GELI, but this has a very serious limitation: you cannot resize this file without essentially having to move all your data out, delete the provider, create a new smaller/bigger file, use it as a new provider for GELI and then move the data back inside it. This is really, really cumbersome.

What would be really nice is to have this block of data used as a provider dynamically grow or shrink as more or less space is needed to store the encrypted files. This would open up a lot of options for the user:

1) You would be able to start small and then grow your amount of encrypted data for as long as you have free space on the ZFS / UFS2 partition holding the dynamic file provider.

2) If you end up overestimating your need for the amount of data you want to be encrypted, the provider shrinks accordingly, leaving more space free on the ZFS / UFS2 partition for unencrypted data, without any of the speed penalties that come with using encryption.

3) This makes combining data redundancy and encryption a LOT easier: for example, you can have a 4 disk ZFS raidz of 2tb disks (resulting in 6tb of usable space) and a dynamic file provider kept on this raidz that grows or shrinks according to the space requirements of the encrypted files, AND your data integrity and redundancy is on the shoulders of ZFS instead of having the user ponder the least insane way of doing things and avoiding things like having to keep separate partitions used as providers for 4 different GELI devices that each have to be "opened" with a passkey before the ZFS pool can be brought online, or having to keep one ENORMOUS file container inside the ZFS pool taking up a lot of space without ever knowing if you are going to use it all.

- Dan Naumov
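An added example, not part of Dan's message and not FreeBSD's own tooling: a POSIX sh script for the file-backed GELI volume he describes (dd a container, use it as a provider) and for the copy-based resize he calls cumbersome, with the checks a practitioner would add. It assumes root on FreeBSD, a container file under /usr/local/geli, md(4) unit names as mdconfig(8) prints them, and passphrase-only GELI keys; the function names (size_to_bytes, geli_file_create, geli_file_copy_resize) and the paths /usr/local/geli/vol.img and /mnt/secret are illustrative.

```shell
#!/bin/sh
# Added example, not code from the original post or from FreeBSD itself.
# Assumptions: root on FreeBSD, a container file under /usr/local/geli,
# md(4) unit names as printed by mdconfig(8), passphrase-only GELI keys.
set -eu

# size_to_bytes SIZE: convert 10G / 512M / 4096 style sizes (the suffixes
# mdconfig -s accepts) to a byte count; anything else is rejected.
size_to_bytes() {
    n=${1%[KkMmGgTt]}
    case "$n" in ''|*[!0-9]*) echo "bad size: $1" >&2; return 1 ;; esac
    case "$1" in
        *[Kk]) echo $(( n * 1024 )) ;;
        *[Mm]) echo $(( n * 1024 * 1024 )) ;;
        *[Gg]) echo $(( n * 1024 * 1024 * 1024 )) ;;
        *[Tt]) echo $(( n * 1024 * 1024 * 1024 * 1024 )) ;;
        *)     echo "$n" ;;
    esac
}

# geli_file_create PATH SIZE MNT: make the container (SIZE a multiple of 1M),
# attach it as a vnode-backed md(4) device, put GELI on it, newfs and mount.
# Prints the md unit name. The fill comes from /dev/random rather than
# /dev/zero or truncate(1): with a zero-filled or sparse container, which
# blocks have ever been written (and so how much data the volume holds) is
# visible to anyone who can read the file.
geli_file_create() {
    path=$1; size=$2; mnt=$3
    dd if=/dev/random of="$path" bs=1m \
        count=$(( $(size_to_bytes "$size") / 1048576 ))
    md=$(mdconfig -a -t vnode -f "$path")
    geli init -s 4096 "/dev/$md" >&2       # prompts for the passphrase
    geli attach "/dev/$md" >&2
    newfs -U "/dev/$md.eli" >/dev/null
    mkdir -p "$mnt"
    mount "/dev/$md.eli" "$mnt"
    echo "$md"
}

# geli_file_copy_resize MD OLDPATH NEWPATH NEWSIZE MNT: the copy-based resize
# the post describes. Refuses to shrink below the space in use, copies the
# plaintext tree across, then kills the old GELI metadata before the old
# container is deleted so its ciphertext cannot be reopened with the same
# passphrase. Prints the new md unit name.
geli_file_copy_resize() {
    oldmd=$1; oldpath=$2; newpath=$3; size=$4; mnt=$5
    used_kb=$(df -k "$mnt" | awk 'NR == 2 { print $3 }')
    used=$(( used_kb * 1024 ))
    [ "$used" -le "$(size_to_bytes "$size")" ] || {
        echo "$size is smaller than the $used bytes in use on $mnt" >&2
        return 1
    }
    newmd=$(geli_file_create "$newpath" "$size" "$mnt.new")
    tar -C "$mnt" -cf - . | tar -C "$mnt.new" -xpf -
    umount "$mnt.new"
    umount "$mnt"
    geli detach "/dev/$oldmd.eli"
    geli kill "/dev/$oldmd"                # overwrite the old metadata block
    mdconfig -d -u "${oldmd#md}"
    rm -f "$oldpath"
    rmdir "$mnt.new"
    mount "/dev/$newmd.eli" "$mnt"
    echo "$newmd"
}

# Usage (as root), with illustrative paths:
#   md=$(geli_file_create /usr/local/geli/vol.img 10G /mnt/secret)
#   geli_file_copy_resize "$md" /usr/local/geli/vol.img \
#       /usr/local/geli/vol2.img 20G /mnt/secret
```

Two caveats when the container lives on ZFS, as in Dan's scenario. ZFS is copy-on-write, so `geli kill` and `rm` write new blocks rather than overwriting the old ones: the old metadata and ciphertext stay on disk until the space is reused, and stay indefinitely if a snapshot references the file, so the passphrase for a retired container should be treated as still sensitive. And a sparse or zero-filled container does not hide how much of it is in use, which is exactly the information a "dynamically sized" provider would reveal through its file size anyway; the random fill above costs a full write of the container but keeps that usage pattern out of the file. Later versions of geli(8) also document a `resize` subcommand for the case where the underlying provider has been grown; it relocates the metadata block to the new end of the provider but still leaves growing the container file and the file system inside it to the administrator.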