dumpdev on encrypted swap?
Lapo Luchini
lapo at lapo.it
Sun Jan 27 03:13:57 PST 2008
Is it possible to use an automatically-encrypted GELI swap (such as
putting ad0s1b.eli in the fstab) as a dump device?
Of course ad0s1b.eli is not useful, as dump would be one-time encrypted
and unreadable at next boot.
dumpdev="ad0s1b" should work (I guess at dump time swap is used no more,
so it wouldn't overwrite the crashdump), but of course ad0s1b is a
provider consumed by ad0s1b.eli... so kern.geom.debugflags shuold
probably be used to allow that, but I don't feel very at home with the
idea that then *every* device is protected no more by accidental overwrite.
Is there a way to have that kind of configuration "automatically work"?
(other than, I guess, hack the dump code to set the debugflags itself
just before attempting the dump, or something like that)
Lapo
More information about the freebsd-fs
mailing list