kern/152647: Use of geli hmac/sha512 yields GEOM_ELI "bytes corrupted at offset" error

Intensity e88c8uazkf at snkmail.com
Sun Nov 28 17:20:11 UTC 2010


>Number:         152647
>Category:       kern
>Synopsis:       Use of geli hmac/sha512 yields GEOM_ELI "bytes corrupted at offset" error
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 28 17:20:09 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Intensity
>Release:        8.1-STABLE
>Organization:
>Environment:
FreeBSD 8.1-STABLE-201011 FreeBSD 8.1-STABLE-201011 #0: Wed Nov  3 21:19:34 UTC 2010 root at almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
I install a GELI+ZFS system as instructed at:

  http://forums.freebsd.org/showthread.php?t=2775

However, I specify "-a HMAC/SHA512" to the geli command.  In doing so from the live CD, that running GELI/ZFS setup seems to work just fine with no indication of a problem.  However, when rebooting, perhaps some information about the GELI system is lost, since upon rebooting I get a multitude of errors looking like:

  GEOM_ELI: ad0s1a: 8192 bytes corrupted at offset 6455033856.

When I follow the instructions again but without adding "-a HMAC/SHA512" then everything works.  The authentication layer should add resilience, not create fatal problems in mounting the system.  I'd recommend checking into this but also running tests on more elaborate setups.
>How-To-Repeat:
Follow the instructions at:

  http://forums.freebsd.org/showthread.php?t=2775

but add "-a HMAC/SHA512" to the geli command.
>Fix:
No known fix.  The use of HMAC/SHA512 may not be popular or as well-tested.  I understand that this level is redundant when the underlying ZFS provides checksums, but I wanted to do both.

>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-bugs mailing list