svn commit: r216147 - head/sbin/geom/class/eli

Eygene Ryabinkin rea at
Fri Dec 3 18:54:05 UTC 2010

Fri, Dec 03, 2010 at 06:15:34PM +0100, Ulrich Sp??rlein wrote:
> On Fri, 03.12.2010 at 10:06:19 +0000, Xin LI wrote:
> > +.Pp
> > +It is recommended to write the whole provider before the first use,
> > +in order to make sure that all sectors and their corresponding
> > +checksums are properly initialized into a consistent state.
> >  .Sh SEE ALSO
> >  .Xr crypto 4 ,
> >  .Xr gbde 4 ,
> I'm not sure this wording is very helpful. Why should there be a
> "consistent" state? In fact, if you write all zeros to the partition
> before creating the geom,

No, partition should be fully overwritten _after_ you had created the
encrypted partition and this should be done on the .eli partition to
allow the GEOM_ELI to place the correct checksums into the sectors of
the provider geli is operating at.  "geli init" won't do this, because
it is time-consuming, I think.

But I wonder if it will be a good idea to arm "geli init" with the
additional flag that will attach the created partition, overwrite it
with some data and detach the provider afterwards.  The data that will
overwrite the provider should be "random" -- we can't just use some
known one, since this will allow attacker to replay the blocks
(overwrite them back) with the full knowledge of their contents.

But perhaps we will need not the fully random data, but something that
is derived from the secret key, because what we really need to hide from
the attacker is a plain text that leaves inside the encrypted sectors.
Eygene Ryabinkin                                        ,,,^..^,,,
[ Life's unfair - but root password helps!           | ]
[ 82FE 06BC D497 C0DE 49EC  4FF0 16AF 9EAE 8152 ECFB | ]

More information about the svn-src-all mailing list