Problem in attaching newly encrypted disk

tthorsten at yahoo.de tthorsten at yahoo.de
Mon Jul 5 10:32:01 PDT 2004


> Date: Mon, 5 Jul 2004 12:50:30 -0400
> From: Allan Fields <bsd at afields.ca>
> To: tthorsten at yahoo.de
> Cc: freebsd-geom at freebsd.org
> Subject: Re: Problem in attaching newly encrypted disk
> 
> On Mon, Jul 05, 2004 at 06:26:34PM +0200, tthorsten at yahoo.de wrote:
>> Hi,
>>
>> I have a serious problem after I have done the following steps:
>>
>> Initialized new encrypted disk with
>>  gbde init /dev/ad1s1c -i -L /etc/gbde/ad1s1c
>>   -> sector_size = 2048
>>   -> one key
>>
>> Attached it to the kernel via
>>  gbde attach ad1s1c -l /etc/gbde/ad1s1c
>>
>> Created new filesystem with
>>  newfs -U /dev/ad1s1c.bde
>>
>> Mounted the filesystem with
>>  mount /dev/ad1s1c.bde /dsk
>>
>> Then I put all my private data onto the newly created encrypted disk and
>> unmounted and detached it from kernel before halting the system.
>>
>> When I started the system again and tried to attach the disk again with
>>  gbde attach ad1s1c -l /etc/gbde/ad1s1c
>> NOTHING HAPPENS! There will be no /dev/ad1s1c.bde device there to mount.
>> The Passphrase is correct!
>
> Hmm.. your volume may be corrupted now, see below..
>
>>
>> So I made a dd of the first 1MB of /dev/ad1s1c and did a strings on it.
>> See output at end of this mail.
>> There are error messages like "Read Boot error", "not a directory",
>> "not ufs format" etc. I do not have such error messages in the dd
>> output from other encrypted partitions I use.
>>
>> What went wrong? Does anybody have an answer or is all my data lost?
>
> Simple answer: yes, and this is one of the risks with all encrypted
> file systems.  Probably quite challenging to get it back absent
> backups.
>
>> I would be very happy, if anybody could help me with this.
>
> Is it possible you've written boot code on-top of the encrypted volume?
> Those strings look to belong to a boot loader.
>
> You probably shouldn't have used the raw partition for the encrypted volume,
> next time disklabel the disk and use /dev/ad1s1a .  I don't know why you
> want boot code on the second disk anyhow.
>
> Just out of curiosity, what is the output of:
>
> 	fdisk ad1 ?
>
> 	disklabel ad1s1
>

Hmm, seems really to be boot loader code. But I did not use fdisk or disklabel
after creation of the encrypted disk.
Did not know that it's better to not use the raw partition :-(

Ok, thanks and here is the output of fdisk and disklabel:


root@freebsd52:/root # fdisk ad1
******* Working on device /dev/ad1 *******
parameters extracted from in-core disklabel are:
cylinders=166440 heads=16 sectors/track=63 (1008 blks/cyl)

Figures below won't work with BIOS for partitions not in cyl 1
parameters to be used for BIOS calculations are:
cylinders=166440 heads=16 sectors/track=63 (1008 blks/cyl)

Media sector size is 512
Warning: BIOS sector numbering starts with sector 1
Information from DOS bootblock is:
The data for partition 1 is:
sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
     start 63, size 167766732 (81917 Meg), flag 80 (active)
         beg: cyl 0/ head 1/ sector 1;
         end: cyl 1023/ head 254/ sector 63
The data for partition 2 is:
<UNUSED>
The data for partition 3 is:
<UNUSED>
The data for partition 4 is:
<UNUSED>


root@freebsd52:/root # disklabel ad1s1
# /dev/ad1s1:
8 partitions:
#        size   offset    fstype   [fsize bsize bps/cpg]
   c: 167766732        0    unused        0     0         # "raw" part, don't edit
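
The advice quoted above (label the slice and put the gbde volume on a partition such as ad1s1a, not on the raw c partition) can be turned into a pre-flight check on `disklabel` output before running `gbde init`. This is an added example, not part of the original thread: the function names, the second sample label and the 16-sector reserved area are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the first 16 sectors of a
# slice are reserved for the BSD label and boot code.
RESERVED_SECTORS=16

# Constructed sample: the label shown in the post (raw "c" entry only).
label_raw_only() {
cat <<'EOF'
# /dev/ad1s1:
8 partitions:
#        size   offset    fstype   [fsize bsize bps/cpg]
  c: 167766732        0    unused        0     0         # "raw" part, don't edit
EOF
}

# Constructed sample: hypothetical label with an "a" partition past the reserved area.
label_with_a() {
cat <<'EOF'
# /dev/ad1s1:
8 partitions:
#        size   offset    fstype   [fsize bsize bps/cpg]
  a: 167766716       16    4.2BSD     2048 16384 28552
  c: 167766732        0    unused        0     0         # "raw" part, don't edit
EOF
}

# check_gbde_target LETTER, with disklabel output on stdin.
# Returns 0 = usable, 1 = raw partition, 2 = overlaps reserved area, 3 = not in label.
check_gbde_target() {
    awk -v want="$1" -v reserved="$RESERVED_SECTORS" '
        $1 == (want ":") {
            found = 1
            if (want == "c")            { print "refuse: c is the raw partition"; rc = 1 }
            else if ($3 + 0 < reserved) { print "refuse: " want " overlaps the label/boot area"; rc = 2 }
            else                        { print "ok: " want " starts at sector " $3; rc = 0 }
        }
        END {
            if (!found) { print "refuse: " want " is not in the label"; rc = 3 }
            exit rc
        }
    '
}

label_raw_only | check_gbde_target c || echo "exit status $?"
label_with_a   | check_gbde_target a || echo "exit status $?"
```

On a live system the input would come from `disklabel ad1s1` instead of the embedded samples.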


