Questions on GELI encryption
Dan Naumov
dan.naumov at gmail.com
Wed May 27 13:25:05 UTC 2009
I decided to give geom / geli a bit of a disaster test (inside a VM)
1) I created a new disk "ad1"
2) Created a new slice on it "ad1s1"
3) Created 2 similarly sized (~20GB) partitions inside the silce:
"ad1s1d" and "ad1s1e"
=======================
geli init -s 4096 /dev/ad1s1d
Enter new passphrase:
geli attach /dev/ad1s1d
Enter passphrase:
newfs /dev/a1s1d.eli
mount /dev/a1s1d.eli /mnt/geli1
=======================
Alright, now we have a passphrase-protected geli partition working and
mounted at /mnt/geli1, now the stress test:
cp -R /usr/ports /mnt/geli1
<wait 10 seconds>
<pull the plug>
Now that we have rebooted the machine:
=======================
geli attach /dev/ad1s1d
Enter passphrase:
GEOM_ELI: Device ad1s1d.eli created.
GEOM_ELI: Encryption: AES-CBC 128
GEOM_ELI: Crypto: software
GEOM_LABEL: Label for provider ad1s1d.eli is ufsid/4a1d391db28ff834.
=======================
Looking good so far, right?
=======================
mount /dev/ad1s1d.eli /mnt/geli1
mount: /dev/ad1s1d.eli : Operation not permitted
fsck /dev/ad1s1d.eli
fsck: Could not determine filesystem type
=======================
Oops :(
- Dan Naumov
More information about the freebsd-geom
mailing list