From owner-freebsd-questions@FreeBSD.ORG Thu Oct 4 15:46:29 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0BF07106566B for ; Thu, 4 Oct 2012 15:46:29 +0000 (UTC) (envelope-from andre@drenet.info) Received: from mail-yx0-f182.google.com (mail-yx0-f182.google.com [209.85.213.182]) by mx1.freebsd.org (Postfix) with ESMTP id B0D528FC14 for ; Thu, 4 Oct 2012 15:46:28 +0000 (UTC) Received: by mail-yx0-f182.google.com with SMTP id l8so133041yen.13 for ; Thu, 04 Oct 2012 08:46:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=drenet.info; s=google; h=content-type:date:to:subject:mime-version:content-transfer-encoding :from:message-id:user-agent; bh=5MEKRNOB8thtVNiFh4N4ma+6NR1ZjpLPb+ikJcomE2E=; b=bUGS6TrY/86V3U8GqxFdQDyNjjYCpas/9ryL27BYlMzDWt2yWWsJKFuIj61Xv2jkAW n+qUqwAzZmF6fdIo+OOmGrkHsqlXU8AaEErleZTo1HvkUQU1+2WIZq4k9ACtS3Ka4llY xUuhwAgb40qgxuXuIy2RavFFy6aWiMTpEnKqU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=content-type:date:to:subject:mime-version:content-transfer-encoding :from:message-id:user-agent:x-gm-message-state; bh=5MEKRNOB8thtVNiFh4N4ma+6NR1ZjpLPb+ikJcomE2E=; b=QPMPbZfpW16SnJBaPOscqEhb5d+p2TVefmDFVlTkbNjhRlCgnBVYGGR5Tc/qCNBHJc pcmz83Wi+7HvFRJWBSYcHvI/pdSunE1Z48HK3FTdl/QcXcGQM6oJYc1TN8N8sZeD4Z3R U/usGBB2UFsD2GvxeagM2wn+kFbmi4/BqzlHU98GIwkQCd+jMDHnknbNWbvwPUkZ3qJ5 q3EHgkxYe2+SbT7/VKvz9ODgV3O9iL/58jKB+N4w2vkqDvmoeYL9mYUQcs0/TzChzpQA Q1StC+8Z/FLn5bux4mrWZW4LqcVeD0NSkz3UHponKp95uNiHY8QC7cAXwriQb93Q+l9W sqBw== Received: by 10.101.75.8 with SMTP id c8mr38723anl.16.1349365587521; Thu, 04 Oct 2012 08:46:27 -0700 (PDT) Received: from sideswipe.accesso.office ([184.90.20.25]) by mx.google.com with ESMTPS id h22sm10429709yhk.13.2012.10.04.08.46.26 (version=SSLv3 cipher=OTHER); Thu, 04 Oct 2012 08:46:27 -0700 (PDT) Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes Date: Thu, 04 Oct 2012 11:45:48 -0400 To: FreeBSD MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Andre Goree" Message-ID: User-Agent: Opera Mail/12.02 (Linux) X-Gm-Message-State: ALoCoQkOd5kkxzhNgJt8bfJt67IFNoe6bzzShbzAgCa4oLomC7IREa50+Nx3jC0VnS3urA7vqXV5 Subject: GELI+ZFS failed disk issue X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Oct 2012 15:46:29 -0000 Hello all. Wondering I can pick your brains regarding a situation I've run into. I've followed this article on setting up my FreeBSD 9 install on ZFS w/GELI encyrption -- sans the part about having 'bootdir' on a mirror, which, sadly, likely would've saved me from my current problem: https://www.dan.me.uk/blog/2012/05/06/full-disk-encryption-with-zfs-root-for-freebsd-9-x/ The server ran great and I had no issues until this past weekend, when my hard drive that contains the OS pool (including /, /boot, etc.) FAILED. I'm now in the situation where my encryption key file cannot be accessed, since it is on a failed disk. I can live without the stuff on the OS pool, however I have another pool containing many GBs of data (music, video, documents, etc.) that I desperately need and cannot lose. Whats worse is that I never got around to setting up backups for this data (damn laziness!). Here is the layout of the server, so you can better picture my predicament: drive1 - OS pool, GELI encrypted (contained bootdir with my encryption key in it) drive2 - NAS pool, GELI encrypted (contained all my data, the encryption key for this device was located on the failed drive in bootdir) drive3 - NAS pool, GELI encrypted " " " " I really need the stuff off the NAS pool, but I'm not sure if I'll be able to decrypt it since the key is on the failed drive. My question to you all is, is there any way to decrypt the pool WITHOUT that key? I'm going to try to reinstall FreeBSD 9 on a new disk, and import the ZFS pools, but if the disks are encrypted with no way of being decrypted (due to the missing key), I think I'm SOL :( Thanks in advance for any suggestions. -- Using Opera's revolutionary email client: http://www.opera.com/mail/