GELI error when using Software and Hardware Encryption


Post by overmind » 06 Oct 2011, 16:34

I have a partition encrypted with [file]geli[/file] on VIA hardware with hardware encryption enabled using [file]padlock[/file]. The partition attaches and mounts OK. The problem is that the VIA hardware only supports AES-CBC 128, which is attached to [file]geli[/file] as hardware encryption. When I add a USB hard drive with AES-XTS encryption (which is the default when using [file]geli init[/file]), the system attaches the partition but I cannot see it in [file]/dev[/file] as an [file].eli[/file] partition.

So it seems that when mixing hardware- and software-attached [file]geli[/file] devices, [file]geli[/file] does not work properly. Did anybody get the same error as me? In fact I get no error on the console or in the logs; it's just not working.

Code:
# geli list
Geom name: da0s1g.eli
State: ACTIVE
EncryptionAlgorithm: AES-CBC
KeyLength: 128
Crypto: hardware
UsedKey: 0
Flags: NONE
Providers:
1. Name: da0s1g.eli
   Mediasize: 251255582720 (234G)
   Sectorsize: 4096
   Mode: r1w1e1
Consumers:
1. Name: da0s1g
   Mediasize: 251255586816 (234G)
   Sectorsize: 512
   Mode: r1w1e1

Geom name: da1s1g.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 128
Crypto: software
UsedKey: 0
Flags: READ-ONLY
Providers:
1. Name: da1s1g.eli
   Mediasize: 85983231488 (80G)
   Sectorsize: 512
   Mode: r0w0e0
Consumers:
1. Name: da1s1g
   Mediasize: 85983232000 (80G)
   Sectorsize: 512
   Mode: r1w0e1


And in /var/dev:
Code:
# ls /dev/da*eli
/dev/da0s1g.eli


Where is [file]/dev/da1s1g.eli[/file] ?

Here is more info:
Code:
# kldstat
Id Refs Address    Size     Name
 1   11 0xc0400000 bd97b4   kernel
 2    1 0xc0fda000 8a80     geom_label.ko
 3    1 0xc2cde000 12000    geom_eli.ko
 4    2 0xc2d01000 23000    crypto.ko
 5    1 0xc2d27000 a000     zlib.ko
 6    1 0xc3536000 4000     padlock.ko


and:

Code:
# dmesg|grep padlock
padlock0: <AES-CBC,SHA1,SHA256> on motherboard


and info from the console (from when I attached the [file]geli[/file] device):
Code:
GEOM_ELI: Device da0s1g.eli created.
GEOM_ELI: Encryption: AES-CBC 128
GEOM_ELI:     Crypto: hardware
GEOM_ELI: Device da1s1g.eli created.
GEOM_ELI: Encryption: AES-XTS 128
GEOM_ELI:     Crypto: software


Code:
uname -a
FreeBSD www.example.com 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0:Mon Oct 3 13:57:53 EEST 2011 admin@www.example.com:/usr/obj/usr/src/sys/MACHINE  i386


Also, I have to mention that attaching the second device (the one that is software) takes a little longer than attaching the hardware one, and longer than when I only use software.

Post by graudeejs » 06 Oct 2011, 16:41

Did you try [cmd=#]geli attach ...[/cmd]?

System won't attach USB automatically.
Auto attachment only works at boot.

Post by overmind » 06 Oct 2011, 16:47

Yes, I've attached it using the [file]geli attach[/file] command. And as you see, [file]/dev/da1s1g.eli[/file] appears in [file]geli list[/file] but not in [file]/dev[/file] (that is in fact the problem). So when crypto hardware is present, crypto software is not working properly?

Post by graudeejs » 06 Oct 2011, 17:18

Looks like a bug. You should send a Problem Report.
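
The symptom discussed in this thread (a geom that [file]geli list[/file] reports as attached but that has no entry under [file]/dev[/file]) can be checked mechanically. The sh script below is an added example, not part of any post in the thread: the function names and the optional directory argument are made up for it, and the sample input is the header fields of the listing in the first post.

```sh
#!/bin/sh
# Added example: report every attached GELI geom and whether its node exists.
# check_geli_nodes and sample_geli_list are names made up for this example.

# Reads `geli list` text on stdin. The optional argument is the directory to
# look in for nodes (default /dev), so the check can be tried on a scratch dir.
check_geli_nodes() {
    devdir="${1:-/dev}"
    awk '
        function emit() { if (name != "") print name, alg "-" bits, crypto, flags }
        /^Geom name:/           { emit(); name = $3; alg = bits = crypto = flags = "?" }
        /^EncryptionAlgorithm:/ { alg = $2 }
        /^KeyLength:/           { bits = $2 }
        /^Crypto:/              { crypto = $2 }
        /^Flags:/               { sub(/^Flags: */, ""); flags = $0 }
        END                     { emit() }
    ' | while read -r name alg crypto flags; do
        if [ -e "$devdir/$name" ]; then node=present; else node=MISSING; fi
        echo "$name $alg $crypto flags=$flags node=$node"
    done
}

# Header fields of the two geoms from the listing in the first post (trimmed).
sample_geli_list() {
    cat <<'EOF'
Geom name: da0s1g.eli
State: ACTIVE
EncryptionAlgorithm: AES-CBC
KeyLength: 128
Crypto: hardware
UsedKey: 0
Flags: NONE

Geom name: da1s1g.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 128
Crypto: software
UsedKey: 0
Flags: READ-ONLY
EOF
}

# Demo: a scratch directory stands in for /dev and holds only the node the
# poster could see. On a live system: geli list | check_geli_nodes
demo_dev=$(mktemp -d)
: > "$demo_dev/da0s1g.eli"
sample_geli_list | check_geli_nodes "$demo_dev"
rm -rf "$demo_dev"
```

Each output line puts the crypto backend, the flags and the node state side by side, which is the comparison the thread makes by hand.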

