Date: Tue, 21 Apr 2009 08:41:29 -0400 From: Bill Moran <wmoran@potentialtech.com> To: Bernt Hansson <bernt@bah.homeip.net> Cc: Giorgos Keramidas <keramida@ceid.upatras.gr>, freebsd-questions@freebsd.org Subject: Re: Encrypted slice with geli Message-ID: <20090421084129.50e45609.wmoran@potentialtech.com> In-Reply-To: <49EDBAB6.1020201@bah.homeip.net> References: <49ECCF4E.3060104@bah.homeip.net> <87zlebc7fx.fsf@kobe.laptop> <49EDBAB6.1020201@bah.homeip.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In response to Bernt Hansson <bernt@bah.homeip.net>: > Giorgos Keramidas said the following on 2009-04-20 23:59: > > On Mon, 20 Apr 2009 21:38:54 +0200, Bernt Hansson <bernt@bah.homeip.net> wrote: > >> Hello list! > >> > >> I was thinking of makeing a slice encrypted with geli. > >> > >> My question is: does geli init -s 4096 /dev/ad* erase the data on the > >> slice. The handbook didn't say yes or no, and I don't want to try > >> without asking. > > > > No, > > No, what? does it erase the data or not. It depends on exactly what part of the process you're talking about, and it depends on exactly what you mean by "erase". Geli doesn't explicitly destroy your data at any point in the process. However, most HOWTOs I've ready will tell you at some step or another to overwrite the partition using dd and /dev/zero, which _does_ destroy the data. Also, even if you skip the dd step, geli will alter the partition in such a way that typical tools will not see the data. However, if you know your stuff, you can bypass normal tools and still read (part of?) the data. So, if your question is "I want to securely destroy the data on a partition, can geli do that?" the answer is No. If your question is, "I'm switching a partition to using geli, do I need to back up my data before doing so?" the answer is YES! > But I want to keep the info on the slice. Then you need to copy it elsewhere, then copy it back after the slice is encrypted. -- Bill Moran http://www.potentialtech.com http://people.collaborativefusion.com/~wmoran/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090421084129.50e45609.wmoran>