FUD about CGD and GBDE

Bernd Walter ticso at cicely12.cicely.de
Thu Mar 3 12:32:01 GMT 2005


On Thu, Mar 03, 2005 at 01:18:45PM +0100, Poul-Henning Kamp wrote:
> In message <20050303120421.GW86348 at cicely12.cicely.de>, Bernd Walter writes:
> 
> >No matter what disk you take - writes never have been atomic.
> >The major difference I see is that you get a read error back in
> >the disk failure case, while such a crypto failure produces more or
> >less random data without any error.
> >Mounting unclean filesystems rw for bg_fsck can be considered
> >dangerous with such unexpected data corruption.
> >And how would you know that a restore from backup is required for
> >a damaged file?
> 
> 100% true.
> 
> The trouble is that it would cost a lot in performance and a doubling
> in metadata to protect yourself against this.

Keeping the old and new key together with a digest from both encrypted
contents until we have an acknowledgement from the backing store would really
help.
RAID synchronization is the same problem - at least you want to know which
blocks are possibly asynchronous for a quick boot phase.
Today's computers are still missing general purpose NVRAM for that
bookkeeping :(
Without NVRAM all you can do is use a disk block for it and accept
the performance hit or live with the risk.

-- 
B.Walter                   BWCT                http://www.bwct.de
bernd at bwct.de                                  info at bwct.de
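An added simulation (not code from this thread, FreeBSD or GBDE) of the bookkeeping the message proposes: a sector rewrite is modelled as changing the sector key, the old key, new key and a digest of both ciphertexts are kept until the backing store acknowledges, and a torn write is then either resolved to a known version or reported as corrupt rather than returned as silent garbage. The sector size, the SHA-256 counter keystream standing in for the real sector cipher, and the plaintexts are constructed for the example.

```python
import hashlib
import hmac
import os

SECTOR = 64  # constructed sector size for the simulation


def keystream(key: bytes, n: int) -> bytes:
    # Stand-in sector cipher: SHA-256 in counter mode (not GBDE's real cipher).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, data: bytes) -> bytes:
    # XOR stream cipher: the same function encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def journal_entry(old_key, new_key, old_ct, new_ct):
    # The record kept until the backing store acknowledges the write:
    # both keys plus a digest of both encrypted contents.
    return {"old_key": old_key, "new_key": new_key,
            "old_digest": hashlib.sha256(old_ct).digest(),
            "new_digest": hashlib.sha256(new_ct).digest()}


def recover(entry, on_disk: bytes):
    # After a crash: identify which version actually reached the disk,
    # or report corruption instead of decrypting a torn sector to noise.
    d = hashlib.sha256(on_disk).digest()
    if hmac.compare_digest(d, entry["new_digest"]):
        return "new", encrypt(entry["new_key"], on_disk)
    if hmac.compare_digest(d, entry["old_digest"]):
        return "old", encrypt(entry["old_key"], on_disk)
    return "corrupt", None


def simulate(crash_point: float):
    # crash_point: fraction of the new sector that hit the platter before power loss.
    old_key, new_key = os.urandom(32), os.urandom(32)
    old_plain = b"old contents ".ljust(SECTOR, b".")
    new_plain = b"new contents ".ljust(SECTOR, b".")
    old_ct, new_ct = encrypt(old_key, old_plain), encrypt(new_key, new_plain)
    entry = journal_entry(old_key, new_key, old_ct, new_ct)
    cut = int(SECTOR * crash_point)
    on_disk = new_ct[:cut] + old_ct[cut:]   # torn-write model: non-atomic sector write
    naive = encrypt(new_key, on_disk)       # a journal-less reader: no error, random tail
    state, plain = recover(entry, on_disk)
    return state, plain, naive
```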



More information about the freebsd-hackers mailing list