Date: Thu, 21 Jun 2012 12:07:21 +0300
From: icameto icameto <icameto@gmail.com>
To: freebsd-fs@freebsd.org
Subject: ZFS Encryption with GELI for only /opt partition
Message-ID: <CAMve_NNwowTXS0m58AhQvFvDyg4W-pAoEj72zUMAARhfgStUBw@mail.gmail.com>
Hi everyone,

I have some problems with ZFS encryption and GELI. I used ZFS for the /opt partition (da1.eli, which is the encrypted form of the separate da1 disk). And I want to encrypt the /opt partition by using GELI. My disks' states are as below:

*# kldstat*
Id Refs Address            Size     Name
 1   15 0xffffffff80100000 c9fe20   kernel
 2    1 0xffffffff80da0000 1ad0e0   zfs.ko
 3    2 0xffffffff80f4e000 3a68     opensolaris.ko
 4    1 0xffffffff80f52000 1cdc0    geom_eli.ko
 5    2 0xffffffff80f6f000 2b0b8    crypto.ko
 6    2 0xffffffff80f9b000 dc40     zlib.ko

*# cat /etc/rc.conf | grep geli *
geli_devices="da1"
geli_da1_flags="-k /root/da1.key"
#geli_detach="NO"

*# zpool status*
  pool: opt
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        opt         ONLINE       0     0     0
          da1.eli   ONLINE       0     0     0

errors: No known data errors

*# geli status*
   Name  Status  Components
da1.eli  ACTIVE  da1

*# df -h*
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/da0s1a    9.7G    280M    8.6G     3%    /
devfs          1.0K    1.0K      0B   100%    /dev
/dev/da0s1d     15G    734M     14G     5%    /usr
opt            7.8G    120K    7.8G     0%    /opt

*# geli detach da1.eli*
geli: Cannot destroy device da1.eli (error=16).

*# zfs unmount -a*
*# df -h*
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/da0s1a    9.7G    280M    8.6G     3%    /
devfs          1.0K    1.0K      0B   100%    /dev
/dev/da0s1d     15G    734M     14G     5%    /usr

*# geli detach da1.eli*
geli: Cannot destroy device da1.eli (error=16).

When I use the "zfs mount -a" command, there must be a prompt for entering the passphrase, but it is immediately mounted by zfs without prompting for anything.

*# zfs mount -a*
*# df -h*
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/da0s1a    9.7G    280M    8.6G     3%    /
devfs          1.0K    1.0K      0B   100%    /dev
/dev/da0s1d     15G    734M     14G     5%    /usr
opt            7.8G    120K    7.8G     0%    /opt

But I want to be able to detach the encrypted device and remove it from the zpool so that it cannot be accessed by anyone. But I get an error when I try to detach the device (opt partition). And I can still access the disk on the ZFS pool. Isn't it strange, buddies?

Briefly, is there any solution to detach and unmount the encrypted disk for only the /opt partition (which is in the ZFS pool)? Could you please give me advice on this progress?