From owner-freebsd-stable@FreeBSD.ORG Sat Mar 10 16:09:42 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BCD1E106564A for ; Sat, 10 Mar 2012 16:09:42 +0000 (UTC) (envelope-from xenophon@irtnog.org) Received: from mx1.irtnog.org (rrcs-24-123-13-61.central.biz.rr.com [24.123.13.61]) by mx1.freebsd.org (Postfix) with ESMTP id 7B48B8FC0A for ; Sat, 10 Mar 2012 16:09:41 +0000 (UTC) Received: from cinep001bsdgw.irtnog.net (localhost [127.0.0.1]) by mx1.irtnog.org (Postfix) with ESMTP id B313612B0B for ; Sat, 10 Mar 2012 11:03:43 -0500 (EST) X-Virus-Scanned: amavisd-new at irtnog.org Received: from mx1.irtnog.org ([127.0.0.1]) by cinep001bsdgw.irtnog.net (mx1.irtnog.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kI4vFADigawO for ; Sat, 10 Mar 2012 11:03:37 -0500 (EST) Received: from cinip100ntsbs.irtnog.net (cinip100ntsbs.irtnog.net [10.63.1.100]) by mx1.irtnog.org (Postfix) with ESMTP for ; Sat, 10 Mar 2012 11:03:37 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Sat, 10 Mar 2012 11:03:34 -0500 Content-Type: multipart/signed; boundary="----=_NextPart_000_0003_01CCFEAD.6FE074C0"; micalg=2.16.840.1.101.3.4.2.3; protocol="application/x-pkcs7-signature" Message-ID: In-Reply-To: <20120309152253.17a108c2@fabiankeil.de> X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: FreeBSD root on a geli-encrypted ZFS pool thread-index: Acz+ALr6Ung4OwUMRkGClAvc7d26qAAMP2sg References: <20120307174850.746a6b0a@fabiankeil.de> <20120309152253.17a108c2@fabiankeil.de> From: "Matthew X. Economou" To: Subject: RE: FreeBSD root on a geli-encrypted ZFS pool X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Mar 2012 16:09:42 -0000 This is a multi-part message in MIME format. ------=_NextPart_000_0003_01CCFEAD.6FE074C0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Fabian Keil writes: > In my opinion protecting ZFS's default checksums (which cover > non-metadata as well) with GEOM_ELI is sufficient. I don't see > what advantage additionally enabling GEOM_ELI's integrity > verification offers. I follow you now. You may be right about the extra integrity checking being redundant with ZFS. > Anyway, it's a test without file system so the ZFS overhead isn't > measured. I wasn't entirely clear about it, but my assumption was > that the ZFS overhead might be big enough to make the difference > between HMAC/MD5 and HMAC/SHA256 a lot less significant. Got it. That also makes sense. I'll put this on my to-test list. > I'm currently using sector sizes between 512 and 8192 so I'm not > actually expecting technical problems, it's just not clear to me > how much the sector size matters and if 4096 is actually the best > value when using ZFS. The geli(8) manual page claims that larger sector sizes lower the overhead of GEOM_ELI keying initialization and encryption/decryption steps by requiring fewer of these compute-intensive setup operations per block. You can think of it in terms of networking, where it makes sense to re-use a TCP connection for multiple HTTP requests, because for small HTTP requests, the bandwidth and latency caused by the TCP three-way handshake overshadows the actual data transfer. -- I FIGHT FOR THE USERS ------=_NextPart_000_0003_01CCFEAD.6FE074C0 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwEAAKCCEA4w ggeyMIIFmqADAgECAgonCLhKAAAAAACFMA0GCSqGSIb3DQEBBQUAMEYxEzARBgoJkiaJk/IsZAEZ FgNuZXQxFjAUBgoJkiaJk/IsZAEZFgZpcnRub2cxFzAVBgNVBAMTDmlydG5vZy1yb290LWNhMB4X DTEyMDEyMTIyMDIwMFoXDTEyMDkxODIyMzk1NlowgacxEzARBgoJkiaJk/IsZAEZFgNuZXQxFjAU BgoJkiaJk/IsZAEZFgZpcnRub2cxEzARBgNVBAsTCk15QnVzaW5lc3MxDjAMBgNVBAsTBVVzZXJz MREwDwYDVQQLEwhTQlNVc2VyczEcMBoGA1UEAxMTTWF0dGhldyBYLiBFY29ub21vdTEiMCAGCSqG SIb3DQEJARYTeGVub3Bob25AaXJ0bm9nLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA xxSejYh5d5540s54di3lHM8054mpLq80ENH+/GFPQDKfNR0TTsT9j2mgQ3vOCoMmsgsg+pQEjhZq v4PRqW3gDiew5eqHG9V34pmbug0lxvBqbX0JZHhH6LYiqxlXkdgGZP+nuFIJ1JQNJqYlJ7DITvwV 2g37kz8KkOTSWpvzNPUCAwEAAaOCA8IwggO+MBcGCSsGAQQBgjcUAgQKHggAVQBzAGUAcjApBgNV HSUEIjAgBgorBgEEAYI3CgMEBggrBgEFBQcDBAYIKwYBBQUHAwIwCwYDVR0PBAQDAgWgMEQGCSqG SIb3DQEJDwQ3MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggq hkiG9w0DBzBDBgNVHREEPDA6oCMGCisGAQQBgjcUAgOgFQwTeGVub3Bob25AaXJ0bm9nLm5ldIET eGVub3Bob25AaXJ0bm9nLm9yZzAdBgNVHQ4EFgQU3Cmqfa0uDB+8b10FZ6le9hm/LaowHwYDVR0j BBgwFoAUEIDvE/jvbRM59XtEApwmUJeGN6QwggE/BgNVHR8EggE2MIIBMjCCAS6gggEqoIIBJoaB umxkYXA6Ly8vQ049aXJ0bm9nLXJvb3QtY2EsQ049Y2luaXAxMDBudHNicyxDTj1DRFAsQ049UHVi bGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1pcnRu b2csREM9bmV0P2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxE aXN0cmlidXRpb25Qb2ludIY9aHR0cDovL2NpbmlwMTAwbnRzYnMuaXJ0bm9nLm5ldC9DZXJ0RW5y b2xsL2lydG5vZy1yb290LWNhLmNybIYoaHR0cDovL3dlYi5pcnRub2cub3JnL2lydG5vZy1yb290 LWNhLmNybDCCAVsGCCsGAQUFBwEBBIIBTTCCAUkwgawGCCsGAQUFBzABhoGfbGRhcDovLy9DTj1p cnRub2ctcm9vdC1jYSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2Vydmlj ZXMsQ049Q29uZmlndXJhdGlvbixEQz1pcnRub2csREM9bmV0P2NBQ2VydGlmaWNhdGU/YmFzZT9v YmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MGIGCCsGAQUFBzABhlZodHRwOi8vY2lu aXAxMDBudHNicy5pcnRub2cubmV0L0NlcnRFbnJvbGwvY2luaXAxMDBudHNicy5pcnRub2cubmV0 X2lydG5vZy1yb290LWNhLmNydDA0BggrBgEFBQcwAYYoaHR0cDovL3dlYi5pcnRub2cub3JnL2ly dG5vZy1yb290LWNhLmNydDANBgkqhkiG9w0BAQUFAAOCAgEADgEVR2j45bb/icawmW483CDBRTW5 japSrGUTOewheyoXGlZGbaS2MGY/2fLdF+G6/f2P1tgL4L9fqtc7UoVnvio6BlnYnrknstrWkcRU kNBcvUpoCAexEAl/I8WSdS5GAFiMh75kF+6nzm6+FlMuWyHyFNp4Xlkx0WWW3wN5B2DsTbhTMWjP D6EtpjEz60aK+aGPKsgtKTsLyJYbQdjic7lEOIi5S/OAgTKBWseuKb4YwBS0lXcqyVPI149NfgiC tX9jCY2kZwhBWMo5ueGViY3twsJ4MkTc2GvTYhztgYu2YDq5/BRoGlenUgSyReOPMB0KZViDvBue imBUnpq/YioW0fFhIHyUgQWaXUeuMgZb7sYdlLsbgzUXuEqL09gr4KiBB6dDyzENgNDvoUZrBAeb Qsw2X8qd/yhKL7PMd1mYFWzHfUMXgfY31fmkF2GUH2+AmVntl4ClR5W46wl0SprO1tVuUPYvcWfx BYjEUnzFpsMDa5i0XRZUSe55dafNuMXqLoBQ+SnyW1qdf1eVzsUcWra0o/YH38RKdQiUgPcenED3 NXSWo5LAElyu7TrA+1xrYO0UVdbQ7yGTSeTPeeKh/rLvHwPML0ikfI4Ods1R2cwbXJnLc5Kp/rks HB72O22dZXBtgjPgDSA3cF6lbAV8Zc2gMnRNyMCHQDToR20wgghUMIIGPKADAgECAhAJRHXEQIeq skNRKMSkhahFMA0GCSqGSIb3DQEBBQUAMEYxEzARBgoJkiaJk/IsZAEZFgNuZXQxFjAUBgoJkiaJ k/IsZAEZFgZpcnRub2cxFzAVBgNVBAMTDmlydG5vZy1yb290LWNhMB4XDTA3MDkxODIyMzI0NloX DTEyMDkxODIyMzk1NlowRjETMBEGCgmSJomT8ixkARkWA25ldDEWMBQGCgmSJomT8ixkARkWBmly dG5vZzEXMBUGA1UEAxMOaXJ0bm9nLXJvb3QtY2EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQC0xMC49jp+gi7WGyqsqVMg06+XcqOSou2WnQn22YtqxG/XoxqGue+aWgEgxfo+qT5AABK5 2iJM+oGCJtzxIZy1LKKL5xgsHR6NwdRVQW/SGJEGOP4WLUVo0/2TuLhgzSsyl9QTZ/Nb+ZxHIyOs kD/dVN0tyfRylvLEC4nHiGVrj/8owLYxGCZAI4eupcPnOHNThL4NM4uGvmJLgY0moFz4G1XvXirq QcrKOohzH1drzwOtGgGbBzIRVZRbt4BCAcy4eym7EQEvRrdExWBwEmR1xuL5b1UeTJrH51rufYEg M+jdW8sLhsrfDV32F1dECfASnHzoaxmQUUtCOvSNciKGaj3MXzt16LZWVE6lM15cNkv7ynKWxNJi ls5KhxAg/aoAbX9qY2MHivI+oI5+yKkWxfIyTqJ7m691dIs4MXXpxjweIzkiFLcTSojGUwUVwU9j AYp7aQIapcV1mGA5kmb0Us+F3MCzeOXvhAnZxnPtfQj0mHT5mBGopcLibicYCHkrbnMfKqRvX4zB Jb+IL/SybfweyNoC8RxmA9+yQOXDC6YV74WE+xHnRqM4ZvHDHPN7ewvR7H9iY6t7CPK7W6ygPp01 lSfUpKfOWfEw+s+qm7iQPBKv4ZvTsGyPkjgo+oNfalQWwJhub9jMFeLGbj2NltrOmwzRNrJ85Jfw ejbe/QIDAQABo4IDPDCCAzgwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE FBCA7xP4720TOfV7RAKcJlCXhjekMIIBPwYDVR0fBIIBNjCCATIwggEuoIIBKqCCASaGKGh0dHA6 Ly93ZWIuaXJ0bm9nLm9yZy9pcnRub2ctcm9vdC1jYS5jcmyGPWh0dHA6Ly9jaW5pcDEwMG50c2Jz LmlydG5vZy5uZXQvQ2VydEVucm9sbC9pcnRub2ctcm9vdC1jYS5jcmyGgbpsZGFwOi8vL0NOPWly dG5vZy1yb290LWNhLENOPWNpbmlwMTAwbnRzYnMsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNl cnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9aXJ0bm9nLERDPW5ldD9jZXJ0 aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9p bnQwEAYJKwYBBAGCNxUBBAMCAQAwRQYDVR0gBD4wPDA6BgkrBgEEAdFkAAEwLTArBggrBgEFBQcC ARYfaHR0cDovL3dlYi5pcnRub2cub3JnL2xlZ2FsL2NwczCCAVsGCCsGAQUFBwEBBIIBTTCCAUkw NAYIKwYBBQUHMAKGKGh0dHA6Ly93ZWIuaXJ0bm9nLm9yZy9pcnRub2ctcm9vdC1jYS5jcnQwYgYI KwYBBQUHMAKGVmh0dHA6Ly9jaW5pcDEwMG50c2JzLmlydG5vZy5uZXQvQ2VydEVucm9sbC9jaW5p cDEwMG50c2JzLmlydG5vZy5uZXRfaXJ0bm9nLXJvb3QtY2EuY3J0MIGsBggrBgEFBQcwAoaBn2xk YXA6Ly8vQ049aXJ0bm9nLXJvb3QtY2EsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2Vz LENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9aXJ0bm9nLERDPW5ldD9jQUNlcnRpZmlj YXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUF AAOCAgEACC57xRxMg7I3JOLl3T0o9KPlBDWBgzgywIVFQ3xkufdX/7+6Va+ODT3fJxHFC1XQTfS9 nxbRnUAJYYWdCbh3m+4282KfobpUNImFHZLdzS6Sk+gtmnE4yNtn5AOyXVsFDkJ/RfjYpR+puH6k d082MDYCEzTjzc9PipN0JWZripASj7VbAg0SW3ZROVg6BWM3lioUZYqRgiFdNbiw3+MGv+F7WSHE mIp6/BD5w/+a751M0ntSKMmtia6QPErJhbLwG1z/lzSIEORXSP/qcw0HzD97AP5GL2fmdGoO/lhl zMOwNik+j/VDP/uogFEsq+FZ7qUuZXQhy0Qu36mA4QSGZt2irxvaYvA5pgOizjEgnTe3M2gGxChv hvgyRieI7lvn+IbxAHggaR2E6YSq4jqBfrk1VuL3/aWFtrvEU1FBhbzXrkwV2vaLtUqPNNmB9iYv bymp3Onk0eTxz8hC8ETYyeR/N8gKXKqb1+mNMd3p53Icu17Ga+v+lhrecy9oDJw23eJTTjylGc90 gMIKGqFBf9iORgSa4eG3peUZA324vakb/IAevDrf5vmS7+e4gHng38gNkoLlGTDjuLOw/TtIbc1b XaTn8snBcNUfRkdEBkOlfR5yl8FLPclSIsafWdOL2OoLFf2zJwMSgQbtinY42lVBVzQAWCQ5Og9j S4ptGLwxggMRMIIDDQIBATBUMEYxEzARBgoJkiaJk/IsZAEZFgNuZXQxFjAUBgoJkiaJk/IsZAEZ FgZpcnRub2cxFzAVBgNVBAMTDmlydG5vZy1yb290LWNhAgonCLhKAAAAAACFMA0GCWCGSAFlAwQC AwUAoIICDzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xMjAzMTAx NjAzMzRaME8GCSqGSIb3DQEJBDFCBED2CIubBl7naei41IPdGF3Fz0Gqd3oVvBRs3byf8M6GRDOf dGE1ZDl7MMy3bush2rf4CyQk4smNC0+vcSgOGZLkMGMGCSsGAQQBgjcQBDFWMFQwRjETMBEGCgmS JomT8ixkARkWA25ldDEWMBQGCgmSJomT8ixkARkWBmlydG5vZzEXMBUGA1UEAxMOaXJ0bm9nLXJv b3QtY2ECCicIuEoAAAAAAIUwZQYLKoZIhvcNAQkQAgsxVqBUMEYxEzARBgoJkiaJk/IsZAEZFgNu ZXQxFjAUBgoJkiaJk/IsZAEZFgZpcnRub2cxFzAVBgNVBAMTDmlydG5vZy1yb290LWNhAgonCLhK AAAAAACFMIG3BgkqhkiG9w0BCQ8xgakwgaYwCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjAKBggq hkiG9w0DBzALBglghkgBZQMEAQIwDgYIKoZIhvcNAwICAgCAMAcGBSsOAwIHMA0GCCqGSIb3DQMC AgFAMA0GCCqGSIb3DQMCAgEoMAsGCWCGSAFlAwQCAzALBglghkgBZQMEAgIwCwYJYIZIAWUDBAIB MAcGBSsOAwIaMAoGCCqGSIb3DQIFMA0GCSqGSIb3DQEBAQUABIGAd9p/wm+xtW4JZm+2xMvmjlFi VogUovg6TrM0+96ZN6M1xJg7/7IUr6m8qbvLuD2KKcvtiaOrU+lRihgi5xLD8jPeP5jFBXMrmJ8w SHL1ysTkvBGpXkMSu7LUr6qqqanEm8hkSPcmE24eP+r+wZ84wtwDTPLB5Wic6PgCYtgS3noAAAAA AAA= ------=_NextPart_000_0003_01CCFEAD.6FE074C0--