ZFS Encryption with GELI for only /opt partition
icameto icameto
icameto at gmail.com
Thu Jun 21 09:07:22 UTC 2012
Hi everyone,
I have some problems with ZFS encryption and GELI. I used ZFS for the /opt
partition (da1.eli, which is the encrypted form of the separate da1 disk). And I
want to encrypt the /opt partition by using GELI. My disks' state is as
below:
*# kldstat*
Id Refs Address Size Name
1 15 0xffffffff80100000 c9fe20 kernel
2 1 0xffffffff80da0000 1ad0e0 zfs.ko
3 2 0xffffffff80f4e000 3a68 opensolaris.ko
4 1 0xffffffff80f52000 1cdc0 geom_eli.ko
5 2 0xffffffff80f6f000 2b0b8 crypto.ko
6 2 0xffffffff80f9b000 dc40 zlib.ko
*# cat /etc/rc.conf | grep geli*
geli_devices="da1"
geli_da1_flags="-k /root/da1.key"
#geli_detach="NO"
*# zpool status*
pool: opt
state: ONLINE
scrub: none requested
config:
NAME STATE READ WRITE CKSUM
opt ONLINE 0 0 0
da1.eli ONLINE 0 0 0
errors: No known data errors
*# geli status*
Name Status Components
da1.eli ACTIVE da1
*# df -h*
Filesystem Size Used Avail Capacity Mounted on
/dev/da0s1a 9.7G 280M 8.6G 3% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/da0s1d 15G 734M 14G 5% /usr
opt 7.8G 120K 7.8G 0% /opt
*# geli detach da1.eli*
geli: Cannot destroy device da1.eli (error=16).
*# zfs unmount -a*
*# df -h*
Filesystem Size Used Avail Capacity Mounted on
/dev/da0s1a 9.7G 280M 8.6G 3% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/da0s1d 15G 734M 14G 5% /usr
*# geli detach da1.eli*
geli: Cannot destroy device da1.eli (error=16).
When I use the "zfs mount -a" command, there must be a prompt for entering
the passphrase, but it is immediately mounted by zfs without prompting for anything.
*# zfs mount -a*
*# df -h*
Filesystem Size Used Avail Capacity Mounted on
/dev/da0s1a 9.7G 280M 8.6G 3% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/da0s1d 15G 734M 14G 5% /usr
opt 7.8G 120K 7.8G 0% /opt
But I want to be able to detach the encrypted device and remove it from the zpool
so that it cannot be accessed by anyone. But I get an error when I try to detach the
device (opt partition). And I can still access the disk in the ZFS pool. Isn't
it strange, buddies?
Briefly, is there any solution to detach and unmount the encrypted disk for
only the /opt partition (which is in the ZFS pool)? Could you please give me advice
on this progress?
More information about the freebsd-fs
mailing list