From owner-freebsd-geom@FreeBSD.ORG Sun Apr 8 19:47:03 2007 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 536D116A401 for ; Sun, 8 Apr 2007 19:47:03 +0000 (UTC) (envelope-from news@nermal.rz1.convenimus.net) Received: from mailr2.de.ignite.net (mailr2.de.ignite.net [195.182.110.148]) by mx1.freebsd.org (Postfix) with ESMTP id DCD7713C458 for ; Sun, 8 Apr 2007 19:47:02 +0000 (UTC) (envelope-from news@nermal.rz1.convenimus.net) Received: from mailr1.de.ignite.net (mailr1.de.ignite.net [195.182.110.146]) by mailr2.de.ignite.net (Switch-3.1.9/Switch-3.1.7) with ESMTP id l38EOx6r014866 for ; Sun, 8 Apr 2007 16:24:59 +0200 (MEST) Received: from nermal.rz1.convenimus.net (c-134-176-43.d.dsl.de.ignite.net [62.134.176.43]) by mailr1.de.ignite.net (Switch-3.1.9/Switch-3.1.7) with ESMTP id l38EOtd6010857 for ; Sun, 8 Apr 2007 16:24:56 +0200 (MEST) Received: by nermal.rz1.convenimus.net (Postfix, from userid 8) id A69FB15213; Sun, 8 Apr 2007 16:24:54 +0200 (CEST) To: freebsd-geom@freebsd.org Path: not-for-mail From: Christian Baer Newsgroups: gmane.os.freebsd.devel.geom Date: Sun, 8 Apr 2007 16:24:54 +0200 (CEST) Organization: Convenimus Projekt Lines: 28 Message-ID: NNTP-Posting-Host: garfield.rz1.convenimus.net X-Trace: nermal.rz1.convenimus.net 1176042294 17456 192.168.100.11 (8 Apr 2007 14:24:54 GMT) X-Complaints-To: abuse@convenimus.net NNTP-Posting-Date: Sun, 8 Apr 2007 14:24:54 +0000 (UTC) User-Agent: slrn/0.9.8.1 (FreeBSD) Subject: gmirror and geli integrity check X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Apr 2007 19:47:03 -0000 Hi peeps! A while ago I set up a Sun U60 with two filesystems, that were mirrored and then encrypted with geli with data integrity check on (init -a). This was done in exactly *that* order (first the mirror, then geli). Now I am having second thoughts about this altogether... The reason is that the combination of these two functions is to protect information from other people and from loss through hardware failure. I did the init with -a so that I could easily *find* broken data. I am not concerned that this machine will be somehow manipulated so that I need to find out if someone has been tampering with my data. This was for protection against lost though a hardware problem alone. What happens if one drive breaks down or has a broken sector? Will this combination help me to save data or to detect the broken sector? Or will it cause more problems than it could solve? The reason for my worries is the fact that the mirror was created first. If one filesystem was created first and this filesystem were mirrored (in doing so, forcing both filesystems to be encrypted seperately), the integrity check would work for both filesystems and thus for both drives. A broken file system could be identified easily. But what happens if one of the drives in the mirror is broken? Would I be able to identify the broken one? Regards and happy Easter! Chris