Date:      Wed, 22 Apr 2009 02:42:11 +0200
From:      Bernt Hansson <bernt@bah.homeip.net>
To:        Bill Moran <wmoran@potentialtech.com>
Cc:        Giorgos Keramidas <keramida@ceid.upatras.gr>, freebsd-questions@freebsd.org
Subject:   Re: Encrypted slice with geli
Message-ID:  <49EE67E3.5050201@bah.homeip.net>
In-Reply-To: <20090421084129.50e45609.wmoran@potentialtech.com>
References:  <49ECCF4E.3060104@bah.homeip.net>	<87zlebc7fx.fsf@kobe.laptop>	<49EDBAB6.1020201@bah.homeip.net> <20090421084129.50e45609.wmoran@potentialtech.com>


Bill Moran said the following on 2009-04-21 14:41:
> In response to Bernt Hansson <bernt@bah.homeip.net>:
> 
>> Giorgos Keramidas said the following on 2009-04-20 23:59:
>>> On Mon, 20 Apr 2009 21:38:54 +0200, Bernt Hansson <bernt@bah.homeip.net> wrote:
>>>> Hello list!
>>>>
>>>> I was thinking of making a slice encrypted with geli.
>>>>
>>>> My question is: does geli init -s 4096 /dev/ad* erase the data on the
>>>> slice. The handbook didn't say yes or no, and I don't want to try
>>>> without asking.
>>> No, 
>> No, what? Does it erase the data or not?
> 
> It depends on exactly what part of the process you're talking about


My question is: does geli init -s 4096 /dev/ad* erase the data on the
slice?

> and it depends on exactly what you mean by "erase".

Destroy it so it's no longer available.

> Geli doesn't explicitly destroy your data at any point in the process.
> However, most HOWTOs I've read will tell you at some step or another
> to overwrite the partition using dd and /dev/zero, which _does_
> destroy the data.

Yes. That much I do know.

> Also, even if you skip the dd step, geli will alter the partition in
> such a way that typical tools will not see the data.  However, if you
> know your stuff, you can bypass normal tools and still read (part of?)
> the data.

Not good.

> If your question is, "I'm switching a partition to using geli, do I
> need to back up my data before doing so?" the answer is YES!

I do NOT want to back up the data unencrypted.

>> But I want to keep the info on the slice.
> 
> Then you need to copy it elsewhere, then copy it back after the slice
> is encrypted.

Don't have the space for that.
