From: Erik Trulsson
To: ghostcorps
Cc: Roland Smith, freebsd-stable@freebsd.org
Date: Fri, 1 May 2009 13:32:01 +0200
Subject: Re: Can i add a new HDD to an encrypted array?

On Fri, May 01, 2009 at 09:02:46PM +1000, ghostcorps wrote:
> Thanks Roland,
>
> You have confirmed my worst fears. One thing though, apparently MatrixRAID
> is a 'Firmware RAID' system as opposed to hard or software.

That just means that the BIOS understands that RAID layout and knows how to
boot from a RAID array. Otherwise it is just like any other software RAID.
(It is a fairly safe assumption that any 'RAID-controller' that is built-in
on a motherboard is actually software RAID.)

> I don't quite
> know how that would affect anything but that's all I can say really. It
> looks like I'm buying some more disks.
>
> http://en.wikipedia.org/wiki/Intel_Matrix_RAID
>
> Regards
>
>
>
> On Fri, May 1, 2009 at 7:53 PM, Roland Smith wrote:
>
> > On Fri, May 01, 2009 at 06:12:42PM +1000, ghostcorps wrote:
> > > Hi Guys,
> > >
> > > This seems like a really basic question, I expect a simple 'no', but I
> > > haven't found anything definitive yet.
> > >
> > > I currently have a hardware RAID5 array, using the Intel Matrix RAID
> > > capability onboard, encrypted with GELI.
> >
> > According to ataraid(4), Intel MatrixRAID is software RAID, not real
> > hardware RAID.
> >
> > > I need to add 2 new discs to the array. If I add a disc to the array and
> > > have it rebuilt with the Intel Matrix Storage Manager, prior to booting
> > > FreeBSD will that destroy the encrypted data?
> >
> > In short, no.
> >
> > The long answer is that the raid array functions at a level below GELI
> > which in turn is below the filesystem layer. GELI writes its metadata in
> > the last sector of the device, and the ffs(7) filesystem records the
> > size of the underlying device at creation time.
> >
> > Adding the two disks will make the array larger. The metadata for geli
> > will probably not be on the last sector anymore, so geli will not
> > recognize the enlarged device.
> >
> > So you'll have to save your data elsewhere, put in the extra disks,
> > recreate the array, re-initialize and attach the geli device for the new
> > array and newfs(8) the new geli device.
> >
> > > If so, how can I decrypt the disk without copying the data to another
> > > partition?
> >
> > There are no tools for that at this time, although it should be feasible
> > by reading a (multiple of) block(s) from the geli device and then
> > writing it to the non-encrypted device. Note that whenever you write a
> > block to the unencrypted device, the contents of that block on the geli
> > device become gibberish! So you'll have to do the whole device, unless
> > you can beforehand make a list of all the blocks that are in use by the
> > filesystem. And if even a single block failed in transit, you're
> > potentially screwed.
> >
> > And even if you could perform this in-place decryption, you should make
> > a full backup anyway in case the procedure goes horribly wrong, which is
> > always a possibility. :-)
> >
> > If you want to decrypt the device in place because you don't have enough
> > backup capacity to store the contents of your raid array, you're already
> > in trouble even if you don't know it yet. What will you do if your RAID5
> > fails?
> >
> > Roland
> > --
> > R.F.Smith http://www.xs4all.nl/~rsmith/
> > [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
> > pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)

--
Erik Trulsson
ertr1013@student.uu.se
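
Added example, not part of the original thread and not GELI's code: a toy Python model of the failure Roland Smith describes, where metadata kept in a device's last sector is no longer found once the device grows. The marker, the recorded-size field and all function names are constructed for illustration, and the model assumes the enlarged array keeps the old contents at the same offsets.

```python
"""Toy model of last-sector metadata on a provider that later grows.
Constructed illustration; this is not GELI's on-disk format."""

SECTOR = 512
MAGIC = b"TOY-ELI-META"  # constructed marker, not GELI's real magic


def parse(sector):
    """Return the recorded device size (in sectors) or None if no marker."""
    if sector[:len(MAGIC)] != MAGIC:
        return None
    return int.from_bytes(sector[len(MAGIC):len(MAGIC) + 8], "little")


def init_provider(sectors):
    """Create a zeroed device and write metadata into its last sector."""
    dev = bytearray(sectors * SECTOR)
    meta = MAGIC + sectors.to_bytes(8, "little")
    off = len(dev) - SECTOR
    dev[off:off + len(meta)] = meta
    return dev


def probe_last_sector(dev):
    """Attach-time probe: only the final sector of the device is examined."""
    return parse(dev[len(dev) - SECTOR:])


def grow(dev, extra_sectors):
    """Model an enlarged array: old data stays in place, new space follows."""
    return dev + bytearray(extra_sectors * SECTOR)


def find_stale_metadata(dev):
    """Scan sector boundaries for metadata stranded in the middle of the
    device. A hit counts only if its recorded size matches its position."""
    hits = []
    for idx in range(len(dev) // SECTOR):
        size = parse(dev[idx * SECTOR:(idx + 1) * SECTOR])
        if size is not None and size == idx + 1:
            hits.append(idx)
    return hits


if __name__ == "__main__":
    dev = init_provider(1000)
    print("before grow:", probe_last_sector(dev))       # metadata found
    big = grow(dev, 500)
    print("after grow: ", probe_last_sector(big))       # nothing at the end
    print("stale metadata at sector:", find_stale_metadata(big))
```
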