GELI file systems unusable after "glabel label" operations

Ivan Voras ivoras at freebsd.org
Thu Jan 14 09:30:54 UTC 2010


Scott Bennett wrote:
>      I used "glabel label" to label each of the file systems I have on external
> disk drives.  Unfortunately, afterward I am now unable to "geli attach" any of
> the GELI-encrypted file systems.  The system is FreeBSD 7.2-STABLE.  

Hmm, did you say you had geli-encrypted drives, then you have 
overwritten the last sector with glabel, and then you are surprised you 
cannot get to the data any more?

 > Or have I just lost everything in the encrypted
 > file systems?

I think you did.

 From the geli(8) man page:

"init ... The last provider’s sector is used to store metadata."

 From the glabel(8) man page:

"label ... metadata is stored in a provider’s last sector."

If you did "geli init ... da0" and then "glabel label ... da0" then you 
have lost the geli metadata, which contains keys, etc. You might recover 
this, though, by reading geli(8) about the "restore" command.

There is no way you can label your devices after you applied geli to 
them (which is one of the points of using geli...). You could destroy 
the geli layer (and the data), apply the label and then apply geli to 
the label.




More information about the freebsd-questions mailing list