GELI devices produced with 9.0+ fail when mounted on 8.2, etc?
Garrett Cooper
yanegomi at gmail.com
Mon Oct 17 00:01:39 UTC 2011
Hi,
I was curious why GELI encrypted images produced on 9.0+ couldn't be loaded on 8.2 images, and it looks like something is broken with previous versions of FreeBSD (8.2 at least). If I do the following to generate a disk image on a 9.0+ host:
#!/bin/sh
set -e
dd if=/dev/zero bs=1m count=48 of=di
echo foobar > ckey
md=$(mdconfig -a -t vnode -f di)
geli init -B none -K ckey -P /dev/$md
geli attach -k ckey -p /dev/$md
makefs -t ffs /dev/$md.eli /usr/src/etc
geli detach /dev/$md
mdconfig -d -u $md
Transfer the image over to an 8.2 host and do the following:
#!/bin/sh
echo foobar > ckey
md=$(mdconfig -a -f di)
geli attach -k ckey -p /dev/$md
The attach will fail with the following message:
geli: MD5 hash mismatch for /dev/md0.
Please note that according to the documentation for geli init, unless I were to provide a value via -a (say -a HMAC/MD5), it shouldn't "Enable data integrity verification". If instead I build the initial image on FreeBSD 8.2, transfer the image over to a 9.0+ host, then try to geli attach it as shown above, things just work.
Seems like a regression was introduced into geli somewhere in 9.0; I just haven't started digging in to determine why.
Thanks,
-Garrett
FreeBSD fallout.local 10.0-CURRENT FreeBSD 10.0-CURRENT #1 r226332M: Wed Oct 12 22:48:55 PDT 2011 root at fallout.local:/usr/obj/usr/src/sys/FALLOUT amd64
FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011 root at mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64