Depreciate and remove gbde

Yonas Yanfa yonas at fizk.net
Tue Oct 20 00:43:03 UTC 2015


Hi Martin, thanks, that raises some interesting points. After reading PHK's
paper on GBDE, I can see enough differences between GDBE and GELI that
warrant keeping GDBE.

[ At this point for me, this part is theoretical, but it's still
interesting ] I've seen the concerned made a few times that we need to
support existing users. That's true up to a point. There's always going to
be a way to transition from GDBE to GELI if we really want to (eg. a
conversion tool), or were forced to for any reason (full decrypt and
re-encrypt), so we shouldn't be keeping GDBE in the tree solely for this
reason alone. GDBE should be in the tree for it's technical merits (which
I've found it does have). However, if it turns out in X years from today
GELI can do everything GDBE can do and better, then I would say we should
figure out a way to remove GDBE.

On Mon, Oct 19, 2015 at 7:44 PM, Martin Cracauer <cracauer at cons.org> wrote:

> Yonas Yanfa wrote on Sun, Oct 18, 2015 at 06:36:19AM -0400:
> >
> > Is there any objection to removing gbde? How many people use gbde? When
> > have you used gbde over geli, and why?
>
> You would exclude all current users from accessing their existing
> filesystems or whatever they put into that block device.
>
> A conversion tool would pretty much be forced to use the current
> kernel layers (doing the block chaining in userspace would be
> annoying), and it would be fundamentally unsafe to have your
> half-converted filesystem on disk in case of an interruption.  Plus I
> think GELI uses a bigger header so you might fall short by a couple of
> bytes and you can't do anything about it on the block level with no
> access to the filesystem.
>
> And people might not have their gbde units accessible right now, it
> might be on a laptop in a closet on a different continent.
>
> Martin
> --
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> Martin Cracauer <cracauer at cons.org>   http://www.cons.org/cracauer/
>


More information about the freebsd-current mailing list