From owner-freebsd-geom@FreeBSD.ORG Mon Oct 17 00:01:39 2011 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7889A1065673; Mon, 17 Oct 2011 00:01:39 +0000 (UTC) (envelope-from yanegomi@gmail.com) Received: from mail-gy0-f182.google.com (mail-gy0-f182.google.com [209.85.160.182]) by mx1.freebsd.org (Postfix) with ESMTP id 234D08FC14; Mon, 17 Oct 2011 00:01:38 +0000 (UTC) Received: by gyd8 with SMTP id 8so3207680gyd.13 for ; Sun, 16 Oct 2011 17:01:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=from:content-type:content-transfer-encoding:subject:date:message-id :cc:to:mime-version:x-mailer; bh=R9uLvsZcXXci/3hYE6XujzCL29sjC+p0NlEO7Z5SN6w=; b=tLQSNiTYvDLVhykzmZi05x7YuXzO9kKyCEtyx873pEiodYMgAQuWDUa7qOJ1+cq1DG 3TkoHMY+t0cSqE5jYY6E9mEca745J01+6LHxe8q6y6b9NmQLOl5bV60hRuHFQXp3apvf wSPTC4TOvMCTpctt3kv9BuMXVmaBfAwQxohIM= Received: by 10.68.15.234 with SMTP id a10mr3463915pbd.10.1318809698127; Sun, 16 Oct 2011 17:01:38 -0700 (PDT) Received: from [192.168.20.5] (c-24-6-49-154.hsd1.ca.comcast.net. [24.6.49.154]) by mx.google.com with ESMTPS id h5sm52419616pbq.11.2011.10.16.17.01.36 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 16 Oct 2011 17:01:37 -0700 (PDT) From: Garrett Cooper Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Sun, 16 Oct 2011 17:01:34 -0700 Message-Id: <924643A0-0798-4FAC-8F82-4AFBC56DC8D7@gmail.com> To: freebsd-geom@freebsd.org Mime-Version: 1.0 (Apple Message framework v1084) X-Mailer: Apple Mail (2.1084) Cc: Xin LI Subject: GELI devices produced with 9.0+ fail when mounted on 8.2, etc? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Oct 2011 00:01:39 -0000 Hi, I was curious why GELI encrypted images produced on 9.0+ = couldn't be loaded on 8.2 images, and it looks like something is broken = with previous versions of FreeBSD (8.2 at least). If I do the following = to generate a disk image on a 9.0+ host: #!/bin/sh set -e dd if=3D/dev/zero bs=3D1m count=3D48 of=3Ddi=20 echo foobar > ckey md=3D$(mdconfig -a -t vnode -f di) geli init -B none -K ckey -P /dev/$md geli attach -k ckey -p /dev/$md makefs -t ffs /dev/$md.eli /usr/src/etc geli detach /dev/$md mdconfig -d -u $md Transfer the image over to an 8.2 host and do the following: #!/bin/sh echo foobar > ckey md=3D$(mdconfig -a -f di) geli attach -k ckey -p /dev/$md The attach will fail with the following message: geli: MD5 hash mismatch for /dev/md0. Please note that according to the documentation for geli init, = unless I was to provide a value via -a (say -a HMAC/MD5), it shouldn't = "Enable data integrity verification". If instead I build the initial = image on FreeBSD 8.2, transfer the image over to a 9.0+ host, then try = to geli attach it as shown above, things just work. Seems like a regression was introduced into geli somewhere in = 9.0.. just haven't started digging in to determine why. Thanks, -Garrett FreeBSD fallout.local 10.0-CURRENT FreeBSD 10.0-CURRENT #1 r226332M: Wed = Oct 12 22:48:55 PDT 2011 = root@fallout.local:/usr/obj/usr/src/sys/FALLOUT amd64 FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC = 2011 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64=