Bug: geli(8) ignores keylen=256 in fstab

Leander

Leander

Hi,

It seems like latest FreeBSD RELEASE ignores keylen=256 in /etc/fstab for swap encryption by geli(8). I assume this is a bug, since it had been working for the past years. Please have a look at the output below:

Code: 
root@FreeBSD [~]$ cat /etc/fstab

/dev/mirror/swap.eli  none  swap  sw,aalgo=HMAC/SHA256,ealgo=AES-XTS,keylen=256,sectorsize=4096  0  0
fdesc  /dev/fd  fdescfs  rw  0  0
proc  /proc  procfs  rw  0  0

root@FreeBSD [~]$ swapoff /dev/mirror/swap.eli ; sleep 1 ; swapon /dev/mirror/swap.eli ; geli list
Geom name: mirror/swap.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 128
Crypto: software
Version: 7
Flags: ONETIME, W-DETACH, W-OPEN
KeysAllocated: 3
KeysTotal: 3
Providers:
1. Name: mirror/swap.eli
  Mediasize: 10737414144 (10G)
  Sectorsize: 4096
  Mode: r1w1e0
Consumers:
1. Name: mirror/swap
  Mediasize: 10737417728 (10G)
  Sectorsize: 512
  Mode: r1w1e1

FreeBSD FreeBSD.LocalDomain 10.2-RELEASE FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12 15:26:37 UTC 2015  root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
 
A second test showed, that swap settings of /etc/fstab are completly ignored. I deleted the entire line:
Code: 
/dev/mirror/swap.eli none swap sw,aalgo=HMAC/SHA256,ealgo=AES-XTS,keylen=256,sectorsize=4096 0 0
and afterwards did:
swapoff /dev/mirror/swap.eli ; sleep 1 ; swapon /dev/mirror/swap.eli ; geli list
And the result was the same as before. This is weird. Why is this happening?
 
Turns out, it only seems to be a bug when one tries to change the keylen of a "auto-ZFS"-installation when swap mirror has been selected. This can be fixed by destroying the mirror manually and setting it up completly new again.

Cheers
 
You must log in or register to reply here.
Back
Top