On Nov 11, 2009, at 2:27 PM, Nick Guenther wrote: > On Tue, Nov 10, 2009 at 10:52 PM, Marco Peereboom <sl...@peereboom.us> wrote: >> >> where sd3 is the softraid crypto volume. >> >> On Tue, Nov 10, 2009 at 07:38:00PM -0600, c l wrote: >>> Is it possible to lock a softraid crypto volume without rebooting? >>> >>> It seems bioctl -d is what I want but I'm not sure. >>> >>> What I would like to do is unlock the volume... >>> >>> bioctl -c C -l /dev/sd0d softraid0 >>> >>> Mount it, then copy some data to it, then unmount it and lock again. >>> >>> bioctl -d softraid0 ???? >>> >>> >>> Cluestick anyone? >>> >>> >> Not sure what locking means but -d delete it. >> >> The man page has an example of -d but it comes down to >> bioctl -d sd3 > > If Marco doesn't know what 'locking' means I would say he just wants > to make sure that the volume "gets encrypted". To the OP: the volume > is always encrypted, decrypting just means that the kernel knows the > key, so as soon as you unmount it it is "locked" (though you have to > make sure your key is protected, of course). > > -Nick >
umount-ing a softraid(4) crypto device does not flush the key from bioctl. I can umount and mount a crypto device as often as I want. bioctl -d and halt are the only ways to "lock" the device. --Aaron
