I have a partition encrypted with geli on a VIA hardware with hardware encryption enabled using padlock. The partition attaches and mounts ok. The problem is that VIA hardware only supports AES-CBC 128 which is attached to geli as hardware encryption. When I add an USB hard drive with an AES-XTS encryption (which is default when using geli init) the system attaches the partition but I cannot see it in /dev as .eli partition.
So it seems when mixing hardware and software attached geli devices, geli is not working properly. Did anybody get same error as me? In fact I get no error on console or in logs, it's just not working.
And in /var/dev:
Where is /dev/da1s1g.eli ?
Here more info:
and:
and info from console (from when I've attached the geli device:
Also I have to mention that when attaching second device (the one that is software) it takes a little longer than for the hardware one, and longer from time when I only use software.
So it seems when mixing hardware and software attached geli devices, geli is not working properly. Did anybody get same error as me? In fact I get no error on console or in logs, it's just not working.
Code:
# geli list
Geom name: da0s1g.eli
State: ACTIVE
EncryptionAlgorithm: AES-CBC
KeyLength: 128
Crypto: hardware
UsedKey: 0
Flags: NONE
Providers:
1. Name: da0s1g.eli
Mediasize: 251255582720 (234G)
Sectorsize: 4096
Mode: r1w1e1
Consumers:
1. Name: da0s1g
Mediasize: 251255586816 (234G)
Sectorsize: 512
Mode: r1w1e1
Geom name: da1s1g.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 128
Crypto: software
UsedKey: 0
Flags: READ-ONLY
Providers:
1. Name: da1s1g.eli
Mediasize: 85983231488 (80G)
Sectorsize: 512
Mode: r0w0e0
Consumers:
1. Name: da1s1g
Mediasize: 85983232000 (80G)
Sectorsize: 512
Mode: r1w0e1
And in /var/dev:
Code:
# ls /dev/da*eli
/dev/da0s1g.eli
Where is /dev/da1s1g.eli ?
Here more info:
Code:
# kldstat
Id Refs Address Size Name
1 11 0xc0400000 bd97b4 kernel
2 1 0xc0fda000 8a80 geom_label.ko
3 1 0xc2cde000 12000 geom_eli.ko
4 2 0xc2d01000 23000 crypto.ko
5 1 0xc2d27000 a000 zlib.ko
6 1 0xc3536000 4000 padlock.ko
and:
Code:
# dmesg|grep padlock
padlock0: <AES-CBC,SHA1,SHA256> on motherboard
and info from console (from when I've attached the geli device:
Code:
GEOM_ELI: Device da0s1g.eli created.
GEOM_ELI: Encryption: AES-CBC 128
GEOM_ELI: Crypto: hardware
GEOM_ELI: Device da1s1g.eli created.
GEOM_ELI: Encryption: AES-XTS 128
GEOM_ELI: Crypto: software
Code:
uname -a
FreeBSD www.example.com 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0:Mon Oct
3 13:57:53 EEST 2011 admin@www.example.com:/usr/obj/usr/src/sys/MACHINE i386
Also I have to mention that when attaching second device (the one that is software) it takes a little longer than for the hardware one, and longer from time when I only use software.