[Solved] GELI swap flags obsolete?

  • Thread starter Deleted member 13721

Hello,

Since the GELI swap flags are supposedly obsolete, how are you supposed to specify options such as key length without manually intervening after every reboot? I haven't been able to find anything conclusive on this subject, so any help would be appreciated. :)
 
Re: GELI swap flags obsolete?

Maybe I'm lagging behind, but I didn't know that geli_swap_flags was deprecated. Where did you find out about that?
 
Re: GELI swap flags obsolete?

fonz said:
Maybe I'm lagging behind, but I didn't know that geli_swap_flags was deprecated. Where did you find out about that?

I noticed it on my console after my settings stopped taking effect one day, i.e. 128-bit AES instead of the 256 I specified. It's also briefly mentioned in one of the mailing lists. There's a post on here about using /etc/fstab for onetime options, but it does not explain how it's supposed to be done. I'm still looking for information on that.
 
Re: GELI swap flags obsolete?

Well, I don't use geli_swap_flags myself because my swap partitions are usually already inside GELI-encrypted slices (thus(ly?) eliminating the need), but I still want to know what's going on, so I'm going to look into this.
 
Re: GELI swap flags obsolete?

Starting with FreeBSD 10.0, thanks to Hiroki Sato, there are a lot more options in /etc/fstab: http://www.freebsd.org/cgi/man.cgi?...FreeBSD+10.0-RELEASE&arch=default&format=html.

There's an example at the bottom of that page. It does not show use of all the options, but they are mentioned. They ought to work the same as other options. Untested, options from geli(8):
Code:
# Device        Mountpoint  FStype  Options                                                       Dump  Pass#
/dev/da1p2.eli  none        swap    sw,aalgo=HMAC/SHA256,ealgo=AES-XTS,keylen=128,sectorsize=512  0     0
 
Re: GELI swap flags obsolete?

wblock@ said:
Starting with FreeBSD 10.0, thanks to Hiroki Sato, there are a lot more options in /etc/fstab: http://www.freebsd.org/cgi/man.cgi?...FreeBSD+10.0-RELEASE&arch=default&format=html.

There's an example at the bottom of that page. It does not show use of all the options, but they are mentioned. They ought to work the same as other options. Untested, options from geli(8):
Code:
# Device        Mountpoint  FStype  Options                                                       Dump  Pass#
/dev/da1p2.eli  none        swap    sw,aalgo=HMAC/SHA256,ealgo=AES-XTS,keylen=128,sectorsize=512  0     0

Have you been able to get that to work? I can't. I've turned swap on and off, tried different variations of the above and there's no evidence it's actually having any effect.
 
Re: GELI swap flags obsolete?

No, the "untested" means I haven't tried it. No spare partition to test on. What version of FreeBSD are you using?
 
Re: GELI swap flags obsolete?

wblock@ said:
No, the "untested" means I haven't tried it. No spare partition to test on. What version of FreeBSD are you using?

OK, for whatever reason using swapon and swapoff wasn't enough, so I rebooted; it finally read the /etc/fstab and worked. This is on FreeBSD 10-RELEASE-P5.

Thanks @wblock and @fonz. :)
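
Added example, not part of the thread: one way to confirm that the ealgo and keylen requested in /etc/fstab are the ones actually in effect, and to catch an options field split by a stray space. The function name check_geli_swap is hypothetical, the sample data is constructed, and the `geli list` field names (Geom name, EncryptionAlgorithm, KeyLength) are assumed to appear as shown.

```shell
#!/bin/sh
# Added example: compare GELI options requested in fstab with the live values.
# $1 = fstab file, $2 = file holding saved `geli list` output (field names assumed).
check_geli_swap() {
    awk '
        function val(s) { sub(/^[^:]+: */, "", s); return s }
        mode == "geli" {                         # first file: geli list output
            if ($0 ~ /^Geom name:/)                name = val($0)
            else if ($0 ~ /^EncryptionAlgorithm:/) act_ealgo[name] = val($0)
            else if ($0 ~ /^KeyLength:/)           act_keylen[name] = val($0)
            next
        }
        /^[ \t]*#/ || NF == 0 { next }           # second file: fstab
        $1 !~ /\.eli$/ || $3 != "swap" { next }
        NF != 6 {                                # e.g. a space inside the options
            printf "MALFORMED %s: %d fields, expected 6\n", $1, NF; bad = 1; next
        }
        {
            dev = $1; sub(/^\/dev\//, "", dev)
            want_ealgo = want_keylen = ""
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] ~ /^ealgo=/)  want_ealgo  = toupper(substr(o[i], 7))
                if (o[i] ~ /^keylen=/) want_keylen = substr(o[i], 8)
            }
            if (!(dev in act_keylen)) { print "NOT-ATTACHED " dev; bad = 1; next }
            if ((want_ealgo != "" && want_ealgo != toupper(act_ealgo[dev])) ||
                (want_keylen != "" && want_keylen != act_keylen[dev])) {
                printf "MISMATCH %s: fstab %s/%s, active %s/%s\n", dev,
                    want_ealgo, want_keylen, act_ealgo[dev], act_keylen[dev]
                bad = 1
            } else print "OK " dev
        }
        END { exit bad + 0 }
    ' mode=geli "$2" mode=fstab "$1"
}

# Constructed sample input (not from the thread): fstab plus abbreviated geli list.
tmp=$(mktemp -d)
cat > "$tmp/fstab" <<'EOF'
/dev/da1p2.eli none swap sw,ealgo=AES-XTS,keylen=256 0 0
/dev/da2p2.eli none swap sw,ealgo=AES-XTS,keylen=128 0 0
/dev/da3p2.eli none swap sw,aalgo=HMAC/SHA256, keylen=128 0 0
EOF
printf '%s\n' 'Geom name: da1p2.eli' 'EncryptionAlgorithm: AES-XTS' 'KeyLength: 128' \
    'Geom name: da2p2.eli' 'EncryptionAlgorithm: AES-XTS' 'KeyLength: 128' > "$tmp/geli.txt"
check_geli_swap "$tmp/fstab" "$tmp/geli.txt" || echo "review the entries flagged above"
```

On a live system, save the output of `geli list` to a file after boot and pass it together with /etc/fstab; a non-zero exit status means at least one swap entry is malformed, not attached, or running with different parameters than requested.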
 