Encrypting mirrored device with geli fails
Thomas Hobbes
mymailfloods at googlemail.com
Sat Sep 8 07:05:19 PDT 2007
>>
> >>> I was trying to encrypt /dev/mirror/gm0s1f but a "MD5 mismatch"
> >> occurred:
> >>
> >> # umount /crypt
> >>> # dd if=/dev/random of=/root/gm0s1f.key bs=64 count=1
> >>> 1+0 records in
> >>> 1+0 records out
> >>> 64 bytes transferred in 0.000580 secs (110331 bytes/sec)
> >>
> >> longer.. 32k or so.
> >
> >
> > The same failure occurred.
>
> magic
>
> or you did something wrong
>
> i would do
>
> gmirror <all needed> - already done
>
> geli init -s 2048 -P -K /root/gm0s1f.key /dev/mirror/gm0s1f
>
> (or -s different, but you will probably use newfs -f 2048)
>
> geli attach -p -k /root/gm0s1f.key /dev/mirror/gm0s1f
>
> i am using geli encrpted gmirror, just without keyfile, but password only
> on 2 servers.
>
> example
>
> [root at serwer ~]# geli status
> Name Status Components
> mirror/m1.eli N/A mirror/m1
> concat/c.eli N/A concat/c
> ad2b.eli N/A ad2b
> ad0b.eli N/A ad0b
>
I did this:
# geli clear /dev/mirror/gm0s1f
# dd if=/dev/random of=/root/gm0s1f.key bs=32k count=1
# geli init -s 4096 -l 256 -K /root/gm0s1f.key /dev/mirror/gm0s1f
# geli attach -k /root/gm0s1f.key /dev/mirror/gm0s1f
Again a "MD5 mismatch" occurred. I tried it without a key and the same error
occurred. Encrypting with a onetime-key works fine. The error occures also
while doing 'geli dump /dev/mirror/gm0s1f'. Any idea what's wrong?
More information about the freebsd-questions
mailing list