Hi,

I was curious why GELI encrypted images produced on 9.0+ couldn't be
loaded on 8.2 images, and it looks like something is broken with previous
versions of FreeBSD (8.2 at least). If I do the following to generate a disk
image on a 9.0+ host:
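
#!/bin/sh
set -e
# Create a 48 MB zero-filled backing file and a keyfile
dd if=/dev/zero bs=1m count=48 of=di
echo foobar > ckey
# Attach the file as a vnode-backed memory disk
md=$(mdconfig -a -t vnode -f di)
# Initialize GELI with a keyfile only (no passphrase, no metadata backup)
geli init -B none -K ckey -P /dev/$md
geli attach -k ckey -p /dev/$md
# Populate the encrypted provider, then tear everything down
makefs -t ffs /dev/$md.eli /usr/src/etc
geli detach /dev/$md
mdconfig -d -u $md

Transfer the image over to an 8.2 host and do the following:

#!/bin/sh
# Same keyfile contents as on the 9.0+ host
echo foobar > ckey
md=$(mdconfig -a -f di)
geli attach -k ckey -p /dev/$md

The attach will fail with the following message:

geli: MD5 hash mismatch for /dev/md0.
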
Please note that according to the documentation for geli init, unless I
was to provide a value via -a (say -a HMAC/MD5), it shouldn't "Enable data
integrity verification". If instead I build the initial image on FreeBSD 8.2,
transfer the image over to a 9.0+ host, then try to geli attach it as shown
above, things just work.

Seems like a regression was introduced into geli somewhere in 9.0...
just haven't started digging in to determine why.

Thanks,
-Garrett

FreeBSD fallout.local 10.0-CURRENT FreeBSD 10.0-CURRENT #1 r226332M: Wed Oct 12
22:48:55 PDT 2011 [email protected]:/usr/obj/usr/src/sys/FALLOUT amd64

FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011
[email protected]:/usr/obj/usr/src/sys/GENERIC
amd64