From: Garrett Cooper
Date: Sun, 16 Oct 2011 23:36:29 -0700
To: Xin LI
Cc: freebsd-geom@freebsd.org
Subject: Re: GELI devices produced with 9.0+ fail when mounted on 8.2, etc?
List-Id: GEOM-specific discussions and implementations

On Oct 16, 2011, at 7:51 PM, Xin LI wrote:

> On Sun, Oct 16, 2011 at 7:43 PM, Garrett Cooper wrote:
>> On Oct 16, 2011, at 5:32 PM, Xin LI wrote:
>>
>>> On Sun, Oct 16, 2011 at 5:01 PM, Garrett Cooper wrote:
>>> [...]
>>>> The attach will fail with the following message:
>>>>
>>>> geli: MD5 hash mismatch for /dev/md0.
>>>
>>> I'm pretty sure that this is from userland, and because FreeBSD 9.x
>>> has support for GELI metadata version 6, while 8.2 has support up to
>>> metadata version 5. It's not a regression IMHO.
>>
>> In other words this is a design flaw, because geli metadata is only forwards compatible. One of FreeBSD's claims to fame is its backwards compatibility -- why aren't geom developers adhering to this?
>
> Backward compatibility is that you can expect what's working in an
> older version of FreeBSD would just work on a newer version of
> FreeBSD, not the contrary.

Perhaps, but the fact that this behavior / set of expectations isn't clearly called out in the geli manpage -- and the fact that there isn't official versioning (or at the very least this isn't made a requirement based on the output above) associated with each metadata format is a fault that should be corrected. Otherwise, how can GELI be considered a viable mechanism for encrypting data across multiple versions of FreeBSD? It seems very shortsighted that there isn't at least a mechanism for reading -- or at least rejecting -- later versions of metadata in an intuitive manner.

FWIW if you use geli from an earlier version of FreeBSD (hint: chroot, jail), it does the right thing... which means that I have a means for producing encrypted images on later versions of FreeBSD now. Nevertheless, having to do so in such a roundabout manner is annoying and I'm sure I won't be the only one that will be affected by this.

Thanks,
-Garrett