geli external header (metadata)

grarpamp grarpamp at gmail.com
Wed Jun 19 07:17:25 UTC 2013


> I made a patch to support an external header (metadata) on GEOM ELI (geli)
> System: FreeBSD 9-STABLE r250964 i386
> geli patch - http://pastebin.com/UGpnMN19
> regression patch - http://pastebin.com/hJVkTpJZ

It would be nice to see this option or some similar fix implemented.

It's plausible (perhaps even as to deniability) for someone to have
a disk full of random data if that is part of their disk testing
or wipe-for-reuse strategy, as well as other applications where
random data is used.

But having a sector on that very same random media or system that
screams 'GELI' and matches g_eli.h would seem not a good idea at
all. GELI thereby earns a higher place on the list of cryptos tried
to find brute access, or to examine its implementation closely to
find a weak access. Much better to offer detachment of metadata for
those who prefer it and do not mind use of USB or other means to
store and associate passphrase, keyfile and metadata.

Simple detachment is good, but not an encrypted solution...
In the longer term, incorporating access to metadata after the
passphrase/keyfile entry process (under a new encrypted metadata
scheme) could be better. It would then appear random. And so even
if it was still placed alongside as a separate automatic sector for
the simplest end user model, it would not appear any different. It
may even be a useful option (depending on how the user expects to
use the main data, such as with some app that writes to the whole,
or most of the, extent every time) to have the encrypted metadata
change, such as by including a timestamp at attach/detach/some_kernel_time,
so that, if still alongside, it does not appear to an observer over
time to be a static blob, which could give away info about what the
extent is for.

Whether the data covers an entire device, slice, partition, file
or some other full or partial extent... it just does not seem good
at all to have this unencrypted bit there saying: 'Hello, I'm GELI'.


> I'd much prefer to have this implemented without the need of
> storing metadata outside.

If GELI presents a 1:1 crypt:clear device, there's no way to put
the metadata within those same number of presented sectors; it would
be obliterated. It would have to be outside, or accept all metadata
parameters by the command line, for which a separate metadata
file/sector is easier to manage. Then again, use of 'aalgo' presents
fewer sectors, so there is maybe a method there.
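As an added example (not code from this post, nor from FreeBSD), the scanner below shows what the sector "saying 'Hello, I'm GELI'" actually gives away to an observer: it reads the last sector of a disk image, looks for the G_ELI_MAGIC string, parses the cleartext fields and verifies the MD5 trailer, and compares the byte entropy of that sector with the rest of the image. The field layout follows eli_metadata_encode() in sys/geom/eli/g_eli.h as recalled by the author of this example, so treat the offsets as an assumption to check against the header; the sample image is constructed in-line, and its algorithm, key-length and iteration values are placeholders, not real geli output.

```python
"""Detect a cleartext GELI metadata sector at the end of a disk image.

Added example; not part of the original post or of FreeBSD. Layout per
eli_metadata_encode() in sys/geom/eli/g_eli.h (assumed, verify against the
header): magic[16] version:u32 flags:u32 ealgo:u16 keylen:u16
[aalgo:u16, version >= 1] provsize:u64 sectorsize:u32 keys:u8 iterations:i32
salt[64] mkeys[384] md5[16], all little-endian, MD5 over every preceding byte.
"""
import hashlib
import math
import os
import struct

GELI_MAGIC = b"GEOM::ELI"  # G_ELI_MAGIC, stored NUL-padded in a 16-byte field
SECTOR_SIZE = 512
SALT_LEN = 64    # G_ELI_SALTLEN
MKEYS_LEN = 384  # G_ELI_MAXMKEYS * G_ELI_MKEYLEN (assumed 2 * 192)
MD5_LEN = 16


def parse_geli_metadata(sector: bytes):
    """Return the cleartext header fields if `sector` looks like GELI metadata, else None.

    A matching MD5 trailer is a far stronger identification than the 9-byte
    magic alone: random data will not carry a self-consistent checksum.
    """
    if len(sector) < SECTOR_SIZE or sector[:16].rstrip(b"\0") != GELI_MAGIC:
        return None
    version, flags, ealgo, keylen = struct.unpack_from("<IIHH", sector, 16)
    off = 28
    aalgo = None
    if version >= 1:  # the aalgo field was added with metadata version 1
        (aalgo,) = struct.unpack_from("<H", sector, off)
        off += 2
    provsize, sectorsize, keys, iterations = struct.unpack_from("<QIBi", sector, off)
    off += 8 + 4 + 1 + 4
    off += SALT_LEN + MKEYS_LEN  # salt and encrypted master-key copies, not needed here
    stored = sector[off:off + MD5_LEN]
    hash_ok = hashlib.md5(sector[:off]).digest() == stored
    return {"version": version, "flags": flags, "ealgo": ealgo, "keylen": keylen,
            "aalgo": aalgo, "provsize": provsize, "sectorsize": sectorsize,
            "keys": keys, "iterations": iterations, "hash_ok": hash_ok}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 for a perfectly uniform byte distribution."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_geli_sector(version: int = 7, provsize: int = 8 * SECTOR_SIZE) -> bytes:
    """Constructed sample sector mimicking the field order above.
    ealgo=1, keylen=256, iterations=100000 are placeholders, not real geli values."""
    body = GELI_MAGIC.ljust(16, b"\0")
    body += struct.pack("<IIHH", version, 0, 1, 256)      # flags, ealgo, keylen
    if version >= 1:
        body += struct.pack("<H", 0)                      # aalgo: no authentication
    body += struct.pack("<QIBi", provsize, SECTOR_SIZE, 1, 100000)
    body += os.urandom(SALT_LEN) + os.urandom(MKEYS_LEN)  # salt, encrypted master keys
    body += hashlib.md5(body).digest()                    # trailer over everything before it
    return body.ljust(SECTOR_SIZE, b"\0")


def build_image(with_header: bool, data_sectors: int = 8) -> bytes:
    """Random 'ciphertext' (or a wiped disk) with either a GELI header or more random data at the end."""
    data = os.urandom(data_sectors * SECTOR_SIZE)
    tail = build_geli_sector(provsize=len(data)) if with_header else os.urandom(SECTOR_SIZE)
    return data + tail


def scan_image(image: bytes) -> dict:
    """What an observer learns from the last sector: magic, self-consistent MD5, entropy."""
    last = image[-SECTOR_SIZE:]
    meta = parse_geli_metadata(last)
    return {
        "geli_header": meta is not None,
        "hash_ok": bool(meta and meta["hash_ok"]),
        "version": meta["version"] if meta else None,
        "last_sector_entropy": round(shannon_entropy(last), 2),
        "data_entropy": round(shannon_entropy(image[:-SECTOR_SIZE]), 2),
    }


if __name__ == "__main__":
    for label, img in (("geli, cleartext header", build_image(True)),
                       ("random fill only", build_image(False))):
        print(label, scan_image(img))
```

Two points the output makes: the entropy gap between the header sector and the random sectors is small and noisy (the sector is mostly salt and encrypted keys, so statistics alone are weak evidence), whereas the magic string plus a matching MD5 trailer is deterministic and is exactly what "matches g_eli.h" means for an observer. Any encrypted-metadata scheme of the kind proposed above would have to remove both the magic and the self-verifying checksum from the cleartext.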


More information about the freebsd-geom mailing list