Encrypting mirrored device with geli fails

Thomas Hobbes mymailfloods at googlemail.com
Sat Sep 8 07:05:19 PDT 2007


>>

> >>> I was trying to encrypt /dev/mirror/gm0s1f but a "MD5 mismatch"
> >> occurred:
> >>
> >> # umount /crypt
> >>> # dd if=/dev/random of=/root/gm0s1f.key bs=64 count=1
> >>> 1+0 records in
> >>> 1+0 records out
> >>> 64 bytes transferred in 0.000580 secs (110331 bytes/sec)
> >>
> >> longer.. 32k or so.
> >
> >
> > The same failure occurred.
>
> magic
>
> or you did something wrong
>
> i would do
>
> gmirror <all needed> - already done
>
> geli init -s 2048 -P -K /root/gm0s1f.key /dev/mirror/gm0s1f
>
> (or -s different, but you will probably use newfs -f 2048)
>
> geli attach -p -k /root/gm0s1f.key /dev/mirror/gm0s1f
>
> i am using geli encrpted gmirror, just without keyfile, but password only
> on 2 servers.
>
> example
>
> [root at serwer ~]# geli status
>           Name  Status  Components
> mirror/m1.eli     N/A  mirror/m1
>   concat/c.eli     N/A  concat/c
>       ad2b.eli     N/A  ad2b
>       ad0b.eli     N/A  ad0b
>

I did this:

# geli clear /dev/mirror/gm0s1f
# dd if=/dev/random of=/root/gm0s1f.key bs=32k count=1
# geli init -s 4096 -l 256 -K /root/gm0s1f.key /dev/mirror/gm0s1f
# geli attach -k /root/gm0s1f.key /dev/mirror/gm0s1f

Again a "MD5 mismatch" occurred. I tried it without a key and the same error
occurred. Encrypting with a onetime-key works fine. The error occures also
while doing 'geli dump /dev/mirror/gm0s1f'. Any idea what's wrong?


More information about the freebsd-questions mailing list