geli overhead?
mhca12
mhca12 at gmail.com
Mon Feb 4 21:25:35 UTC 2013
On Mon, Feb 4, 2013 at 10:19 PM, dweimer <dweimer at dweimer.net> wrote:
> On 02/04/2013 2:56 pm, mhca12 wrote:
>>
>> Is there some overhead associated with the geli setup as
>> described earlier?
>>
>> $ df -h
>> Filesystem Size Used Avail Capacity Mounted on
>> /dev/ada0p3.eli 127G 6.9G 119G 5% /
>> devfs 1.0k 1.0k 0B 100% /dev
>> /dev/gpt/boot 991M 339M 642M 35% /bootdir
>> $ gpart show
>> => 34 312581741 ada0 GPT (149G)
>> 34 128 1 freebsd-boot (64k)
>> 162 2097152 2 freebsd-ufs (1.0G)
>> 2097314 310484461 3 freebsd-ufs (148G)
>>
>> Where did 21G from the 148G go?
>>
>> As suggested in dan.me.uk geli install guide I used geli init -a
>> HMAC/SHA256
>> and also ran dd if=/dev/zero of=/dev/gpt/enc.eli across the eli volume.
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscribe at freebsd.org"
>
>
> Did you use the -a option when doing the geli init?
>
>
> -a aalgo Enable data integrity verification (authenti-
> cation) using the given algorithm. This
> will
> reduce size of available storage and also
> reduce speed. For example, when using 4096
> bytes sector and HMAC/SHA256 algorithm, 89%
> of
> the original provider storage will be avail-
> able for use. Currently supported
> algorithms
> are: HMAC/MD5, HMAC/SHA1, HMAC/RIPEMD160,
> HMAC/SHA256, HMAC/SHA384 and HMAC/SHA512.
> If
> the option is not given, there will be no
> authentication, only encryption. The recom-
> mended algorithm is HMAC/SHA256.
Yes I did (see above).
Do I have to init the volume again to skip authentication?
Does skipping authentication also remove the requirement of
zeroing the whole eli disk for the checksums?
More information about the freebsd-questions
mailing list