Re: gbde and geli on 6.2



On 27/09/2007, Roland Smith <rsmith@xxxxxxxxx> wrote:
On Wed, Sep 26, 2007 at 11:09:22PM +0100, Chris wrote:
Hi, I am concerned about the availabilities of these encryptions in
FreeBSD releases that are marked stable.

It seems gbde has a problem when the data written goes over the
lba boundary around lba48.

http://lists.freebsd.org/pipermail/freebsd-geom/2007-August/002524.html

I suffered this problem; error example below. Usage at the time was
approx 150gig when I first noticed it.

g_vfs_done():ad6s1c.bde[WRITE(offset=493964558336, length=131072)]error = 1

After reading about this problem on a few diff hits (all with no
response on fixes) I tried geli.

However, I saw this in geli within an hour of using it.

GEOM_ELI: Crypto WRITE request failed (error=1).
ad6s1c.eli[WRITE(offset=0, length=131072)]

I've been running a GELI encrypted /home partition on 6.2-STABLE amd64
for months without problems. I've had trouble with GELI on USB
hard disks, but that seems to be related to the USB/ATAPI controller.

The message seems to come from /usr/src/sys/geom/eli/g_eli_integrity.c,
in the function g_eli_auth_write_done. But for a more detailed analysis,
you'd have to set kern.geom.eli.debug to 3, and see what else pops
up. The headers indicate that the error number is used according to
errno.h, which lists 1 as being "Operation not permitted".

Both GELI and GBDE fail with the same length of request. So the error
might depend on the underlying code in the kernel (bio* functions).

Are you sure that the disk and controller are working properly?

Roland
--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)



As I said no dma errors or any hd related errors of any sort with
encryption turned off. How big are your drives?

Chris
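
The comparison made in the thread (error number read against errno.h, same request length under both gbde and geli) can be done mechanically. This is an added example, not part of the original messages or of FreeBSD: it parses the log lines quoted above, embedded as constructed sample input, and assumes 512-byte sectors; the function names are hypothetical.

```python
import errno
import os
import re

# Constructed sample input: the three kernel log lines quoted in the thread.
SAMPLE_LOG = """\
g_vfs_done():ad6s1c.bde[WRITE(offset=493964558336, length=131072)]error = 1
GEOM_ELI: Crypto WRITE request failed (error=1).
ad6s1c.eli[WRITE(offset=0, length=131072)]
"""

SECTOR_SIZE = 512  # assumption: the thread does not state the sector size
BIO_RE = re.compile(r"(?P<provider>[\w./]+)\[(?P<op>READ|WRITE)"
                    r"\(offset=(?P<offset>\d+), length=(?P<length>\d+)\)\]")
ERR_RE = re.compile(r"error\s*=\s*(?P<err>\d+)")


def parse_geom_errors(text):
    """Return one dict per failed bio request found in the log text."""
    # g_vfs_done() prints the error on the request line; GEOM_ELI prints it on
    # the line before, so a lone error number is carried to the next request.
    events, pending_err = [], None
    for line in text.splitlines():
        err, bio = ERR_RE.search(line), BIO_RE.search(line)
        if err:
            pending_err = int(err.group("err"))
        if not bio:
            continue
        offset, length = int(bio.group("offset")), int(bio.group("length"))
        events.append({
            "provider": bio.group("provider"), "op": bio.group("op"),
            "offset": offset, "length": length,
            "first_sector": offset // SECTOR_SIZE, "sectors": length // SECTOR_SIZE,
            "errno": pending_err,
            "errno_name": errno.errorcode.get(pending_err, "unknown"),
            "errno_text": None if pending_err is None else os.strerror(pending_err),
        })
        pending_err = None
    return events


def common_fields(events, keys=("op", "length", "errno_name")):
    """Fields whose value is identical across every failed request."""
    sets = {k: {e[k] for e in events} for k in keys}
    return {k: v.pop() for k, v in sets.items() if len(v) == 1}


if __name__ == "__main__":
    print(common_fields(parse_geom_errors(SAMPLE_LOG)))
```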