kern/152647: Use of geli hmac/sha512 yields GEOM_ELI "bytes
corrupted at offset" error
Intensity
e88c8uazkf at snkmail.com
Sun Nov 28 17:20:11 UTC 2010
>Number: 152647
>Category: kern
>Synopsis: Use of geli hmac/sha512 yields GEOM_ELI "bytes corrupted at offset" error
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Nov 28 17:20:09 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Intensity
>Release: 8.1-STABLE
>Organization:
>Environment:
FreeBSD 8.1-STABLE-201011 FreeBSD 8.1-STABLE-201011 #0: Wed Nov 3 21:19:34 UTC 2010 root at almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
I install a GELI+ZFS system as instructed at:
http://forums.freebsd.org/showthread.php?t=2775
However, I specify "-a HMAC/SHA512" to the geli command. In doing so from the live CD, that running GELI/ZFS setup seems to work just fine with no indication of a problem. However, when rebooting, perhaps some information about the GELI system is lost, since upon rebooting I get a multitude of errors looking like:
GEOM_ELI: ad0s1a: 8192 bytes corrupted at offset 6455033856.
When I follow the instructions again but without adding "-a HMAC/SHA512" then everything works. The authentication layer should add resilience, not create fatal problems in mounting the system. I'd recommend checking into this but also running tests on more elaborate setups.
>How-To-Repeat:
Follow the instructions at:
http://forums.freebsd.org/showthread.php?t=2775
but add "-a HMAC/SHA512" to the geli command.
>Fix:
No known fix. The use of HMAC/SHA512 may not be popular or as well-tested. I understand that this level is redundant when the underlying ZFS provides checksums, but I wanted to do both.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list