Is geli detectable?
Thomas Hurst
tom.hurst at clara.net
Thu Jun 19 14:42:57 UTC 2008
* Greg Rivers (gcr at tharned.org) wrote:
> All but the last sector will indeed appear to be more or less random
> data. But the last sector contains the geli metadata, and thus a
> distinction can be made. You can prove this by running `geli dump
> <provider>` when the provider is not attached (decrypted), or by
> otherwise inspecting the last sector.
Yup, this is how the .eli devices magic into existence on boot/attach.
onetime encrypted devices would appear to be the exception; the metadata
only lives in memory.
It doesn't look like it'd be that difficult to put the metadata
elsewhere, and pass it manually to geli to attach a provider. Similarly
I expect you could encrypt the metadata block itself, again forgoing
auto-detection in favour of manually mounting; I believe TrueCrypt does
this.
For archival purposes, you can already geli backup metadata for storage
elsewhere, and geli clear/kill it so the device is simply filled with
random data (plus, apparently, a zeroed last sector).
--
Thomas 'Freaky' Hurst
http://hur.st/
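As an added illustration of the point in this thread (example code, not from the poster or from FreeBSD's geli), here is a small forensic check that classifies the last sector of a disk image as geli metadata, zeroed (cleared), or random-looking. It assumes the geli metadata sector starts with the magic string GEOM::ELI and a 512-byte sector size; the image contents are constructed in the script.

```python
import math
import random

# Assumed: geli's metadata sector begins with this magic string.
GELI_MAGIC = b"GEOM::ELI"
SECTOR = 512


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for ciphertext/random data, 0.0 for all zeros."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_last_sector(image: bytes, sector_size: int = SECTOR) -> str:
    """Label the last sector: the one place a detached geli provider is not random."""
    last = image[-sector_size:]
    if last.startswith(GELI_MAGIC):
        return "geli-metadata"      # detectable: 'geli dump' style metadata is present
    if not any(last):
        return "zeroed"             # what the thread says 'geli clear' leaves behind
    if shannon_entropy(last) > 6.5:
        return "random"             # indistinguishable from the encrypted sectors
    return "other"


def make_image(kind: str, sectors: int = 64) -> bytes:
    """Constructed disk image: random body plus a last sector of the given kind."""
    rng = random.Random(1234)       # fixed seed so results are reproducible
    body = rng.randbytes(SECTOR * (sectors - 1))
    if kind == "geli":
        # Constructed stand-in for the metadata sector: only the magic is modelled.
        last = GELI_MAGIC.ljust(SECTOR, b"\x00")
    elif kind == "cleared":
        last = bytes(SECTOR)
    else:
        last = rng.randbytes(SECTOR)
    return body + last


if __name__ == "__main__":
    for kind in ("geli", "cleared", "random"):
        img = make_image(kind)
        print(kind, "->", classify_last_sector(img),
              "body entropy %.2f" % shannon_entropy(img[:-SECTOR]))
```

Run against a real detached provider, the same check is what makes the metadata sector (or a conspicuously zeroed one) stand out from the random-looking body.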