GELI file systems unusable after "glabel label" operations

Roland Smith rsmith at xs4all.nl
Thu Jan 14 17:42:42 UTC 2010


On Thu, Jan 14, 2010 at 01:31:55AM -0600, Scott Bennett wrote:
>      I used "glabel label" to label each of the file systems I have on external
> disk drives.  Unfortunately, afterward I am now unable to "geli attach" any of
> the GELI-encrypted file systems.  The system is FreeBSD 7.2-STABLE.  Is there
> a way to get this to work?  Or have I just lost everything in the encrypted
> file systems?

Did you use 'geli init /dev/daXsY' and 'glabel label  /dev/daXsY'? That will
overwrite the geli metadata with the glabel metadata! 

Check /var/backups. There should be *.eli files there. Those are the automatic
metadata backups that 'geli init' makes (at least in 8.0). You can restore
those backups with 'geli restore'.

Running 'geli init' again with the same parameters will not work, because
'geli init' uses a random component in the key generation. In other words, two
inits with the same password will not generate the same key!

What you should have done (for future refrence) is use geli(8) to create the
encrypted device, then create a filesystem on that encrypted device with
newfs(8) using the '-L' flag to set the volume name. Or use tunefs(8) to set
the volume name later. These names will be automatically recognized next time
you attach it and listed in /dev/ufs/.

Roland
-- 
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20100114/36400108/attachment.pgp


More information about the freebsd-questions mailing list