Problem in attaching newly encrypted disk

Allan Fields bsd at afields.ca
Mon Jul 5 09:50:31 PDT 2004


On Mon, Jul 05, 2004 at 06:26:34PM +0200, tthorsten at yahoo.de wrote:
> Hi,
> 
> I have a serious problem after I have done the following steps:
> 
> Initalized new encrypted disk with
>  gbde init /dev/ad1s1c -i -L /etc/gbde/ad1s1c
>   -> sector_size = 2048
>   -> one key
> 
> Attached it to the kernel via
>  gbde attach ad1s1c -l /etc/gbde/ad1s1c
> 
> Created new filesystem with
>  newfs -U /dev/ad1s1c.bde
> 
> Mounted the filesystem with
>  mount /dev/ad1s1c.bde /dsk
> 
> Then I put all my private data onto the newly created encrypted disk and
> unmounted and detached it from kernel before halting the system.
> 
> When I started the system again and tried to attach the disk again with
>  gbde attach ad1s1c -l /etc/gbde/ad1s1c
> NOTHING HAPPENS! There will no /dev/ad1s1c.bde device there to mount.
> The Passphrase is correct!

Hmm.. you're volume may be corrupted now, see below..

> 
> So I made a dd of the first 1MB of /dev/ad1s1c and did a strings on it.
> See output at end of this mail.
> There are Error MEssages like "Read Boot error", "not a directory", "not 
> ufs format"
> etc. I do not have such error messages in the dd output from other 
> encrypted partitions
> I use.
> 
> What went wrong? Does anybody have an answer or is all my data lost?

Simple answer: yes, and this is one of the risks with all encrypted
file systems.  Probablly quite challenging to get it back absent
backups.

> I would be very happy, if anybody could help me with this.

Is it possible you've written boot code on-top of the encrypted volume?
Those strings look to belong to boot loader.

You probably shouldn't have used the raw partition for the encrypted volume,
next time disklabel the disk and use /dev/ad1s1a .  I don't know why you
want boot code on the second disk anyhow.

Just out of curiosity, what is the output of:

	fdisk ad1 ?

	disklabel ad1s1


> Regards,
> Thorsten
> 
> 
> Here the strings output of the first 1MB of /dev/ad1s1c:
> Read
> Boot
>  error
> ad1s1
[..]
> Hss:esp
> BTX halted
> UWVS
> Ph;4
> Wh?4
> [^_]
[..]
> DhaCgmnPprsv
> %s: not a directory.
> Not ufs
> format
> Invalid %s
> /boot.config
> %s: %s
> /boot/loader
> FreeBSD/i386 boot
> Default: %u:%s(%u,%c)%s
> boot:
> No %s
> Keyboard: %s
> slice
> label
> partition
> error %u lba %u
> /|\-

-- 
 Allan Fields, AFRSL - http://afields.ca
 2D4F 6806 D307 0889 6125  C31D F745 0D72 39B4 5541
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-geom/attachments/20040705/a321cd7b/attachment.bin


More information about the freebsd-geom mailing list