Date: Sun, 16 Oct 2011 17:01:34 -0700 From: Garrett Cooper <yanegomi@gmail.com> To: freebsd-geom@freebsd.org Cc: Xin LI <delphij@FreeBSD.org> Subject: GELI devices produced with 9.0+ fail when mounted on 8.2, etc? Message-ID: <924643A0-0798-4FAC-8F82-4AFBC56DC8D7@gmail.com>
next in thread | raw e-mail | index | archive | help
Hi, I was curious why GELI encrypted images produced on 9.0+ couldn't be loaded on 8.2 images, and it looks like something is broken with previous versions of FreeBSD (8.2 at least). If I do the following to generate a disk image on a 9.0+ host: #!/bin/sh set -e dd if=/dev/zero bs=1m count=48 of=di echo foobar > ckey md=$(mdconfig -a -t vnode -f di) geli init -B none -K ckey -P /dev/$md geli attach -k ckey -p /dev/$md makefs -t ffs /dev/$md.eli /usr/src/etc geli detach /dev/$md mdconfig -d -u $md Transfer the image over to an 8.2 host and do the following: #!/bin/sh echo foobar > ckey md=$(mdconfig -a -f di) geli attach -k ckey -p /dev/$md The attach will fail with the following message: geli: MD5 hash mismatch for /dev/md0. Please note that according to the documentation for geli init, unless I was to provide a value via -a (say -a HMAC/MD5), it shouldn't "Enable data integrity verification". If instead I build the initial image on FreeBSD 8.2, transfer the image over to a 9.0+ host, then try to geli attach it as shown above, things just work. Seems like a regression was introduced into geli somewhere in 9.0.. just haven't started digging in to determine why. Thanks, -Garrett FreeBSD fallout.local 10.0-CURRENT FreeBSD 10.0-CURRENT #1 r226332M: Wed Oct 12 22:48:55 PDT 2011 root@fallout.local:/usr/obj/usr/src/sys/FALLOUT amd64 FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?924643A0-0798-4FAC-8F82-4AFBC56DC8D7>