Date: Sun, 8 Apr 2007 16:24:54 +0200 (CEST) From: Christian Baer <christian.baer@uni-dortmund.de> To: freebsd-geom@freebsd.org Subject: gmirror and geli integrity check Message-ID: <evatvm$h1g$1@nermal.rz1.convenimus.net>
next in thread | raw e-mail | index | archive | help
Hi peeps! A while ago I set up a Sun U60 with two filesystems, that were mirrored and then encrypted with geli with data integrity check on (init -a). This was done in exactly *that* order (first the mirror, then geli). Now I am having second thoughts about this altogether... The reason is that the combination of these two functions is to protect information from other people and from loss through hardware failure. I did the init with -a so that I could easily *find* broken data. I am not concerned that this machine will be somehow manipulated so that I need to find out if someone has been tampering with my data. This was for protection against lost though a hardware problem alone. What happens if one drive breaks down or has a broken sector? Will this combination help me to save data or to detect the broken sector? Or will it cause more problems than it could solve? The reason for my worries is the fact that the mirror was created first. If one filesystem was created first and this filesystem were mirrored (in doing so, forcing both filesystems to be encrypted seperately), the integrity check would work for both filesystems and thus for both drives. A broken file system could be identified easily. But what happens if one of the drives in the mirror is broken? Would I be able to identify the broken one? Regards and happy Easter! Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?evatvm$h1g$1>