Geli Encrypted DVDs

RW fbsd06 at mlists.homeunix.com
Sun Apr 8 12:27:36 UTC 2007 

On Sun, 8 Apr 2007 04:34:50 +0200
Pawel Jakub Dawidek <pjd at FreeBSD.org> wrote:

> On Sun, Apr 08, 2007 at 03:31:14AM +0100, RW wrote:
> > On Sun, 8 Apr 2007 02:32:33 +0200
> > Pawel Jakub Dawidek <pjd at FreeBSD.org> wrote:
> > 
> > > On Sun, Apr 08, 2007 at 12:59:42AM +0100, RW wrote:
> > > > 
> > > > In the questions list Roland Smith suggested that a geli
> > > > encrypted dvd could be created by burning the backing file from
> > > > an geli encrypted md device as a disk image. 
> > > > 
> > > > We were neither able to attach the DVD device though, see:
> > > > 
> > > > http://lists.freebsd.org/pipermail/freebsd-questions/2007-March/145433.html
> > > > 
> > > > Does anyone know if this can be made to work?
> > > > 
> > > > FWIW I have no problem putting a UFS2 filesystem on a DVD-R
> > > > without geli.
> > > 
> > > Could you give me the output of:
> > > 
> > > 	# ls -l $HOME/backupDVD.img 
> > > 	# diskinfo -v /dev/acd0
> > > 	# geli dump /dev/acd0
> > > 
> > 
> > 
> > # ls -l /home/t/dvd.img
> > -rw-r--r--  1 bob  bob  4613734400 Mar 21 13:15 /home/t/dvd.img
> > 
> > # diskinfo -v /dev/acd0
> > /dev/acd0
> >         2048            # sectorsize
> >         4613734400      # mediasize in bytes (4.3G)
> >         2252800         # mediasize in sectors
> > 
> > # geli dump /dev/acd0
> > Cannot read metadata from /dev/acd0: Invalid argument.
> > Not fully done.
> > 
> >  -------------------------------------------------
> > 
> > If I run the last command on the image file's md device instead:
> > 
> > # geli dump /dev/md0
> > Metadata on /dev/md0:
> >      magic: GEOM::ELI
> >    version: 3
> >      flags: 0x0
> >      ealgo: AES-CBC
> >     keylen: 256
> >   provsize: 4613734400
> > sectorsize: 512
> 
> The problem is different size between CD and your image. Try to create
> image with -S 2048 option.
> 

Thanks, that worked.

For the benefit of anyone trying this, the -S 2048 option is to
mdconfig. If you just use  geli init -s 2048 without setting the sector
size in  mdconfig, the dvd device fails to attach.

mdconfig(8) is a bit misleading  when it defines:

"-S sectorsize
             Sectorsize to use for malloc backed device."

More information about the freebsd-geom mailing list