From owner-freebsd-questions@FreeBSD.ORG  Mon Feb  4 21:19:25 2013
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 26CB6CB6
 for <freebsd-questions@freebsd.org>; Mon,  4 Feb 2013 21:19:25 +0000 (UTC)
 (envelope-from dweimer@dweimer.net)
Received: from webmail.dweimer.net (24-240-198-187.static.stls.mo.charter.com
 [24.240.198.187]) by mx1.freebsd.org (Postfix) with ESMTP id B46D8FFA
 for <freebsd-questions@freebsd.org>; Mon,  4 Feb 2013 21:19:24 +0000 (UTC)
Received: from www.dweimer.net (webmail.dweimer.local [192.168.5.1])
 by webmail.dweimer.net (8.14.5/8.14.5) with ESMTP id r14LJNEY088863
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
 for <freebsd-questions@freebsd.org>; Mon, 4 Feb 2013 15:19:23 -0600 (CST)
 (envelope-from dweimer@dweimer.net)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 04 Feb 2013 15:19:23 -0600
From: dweimer <dweimer@dweimer.net>
To: freebsd-questions@freebsd.org
Subject: Re: geli =?UTF-8?Q?overhead=3F?=
Organization: dweimer.net
Mail-Reply-To: dweimer@dweimer.net
In-Reply-To: <CAHUOmamYud7md9=5yYfWvEsQZUWKHgPRUdwhUpaNae71B-nxvA@mail.gmail.com>
References: <CAHUOmamYud7md9=5yYfWvEsQZUWKHgPRUdwhUpaNae71B-nxvA@mail.gmail.com>
Message-ID: <abe71e782475fd98aef8e77721e3be9b@dweimer.net>
X-Sender: dweimer@dweimer.net
User-Agent: Roundcube Webmail/0.8.1
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: dweimer@dweimer.net
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Feb 2013 21:19:25 -0000

On 02/04/2013 2:56 pm, mhca12 wrote:
> Is there some overhead associated with the geli setup as
> described earlier?
> 
> $ df -h
> Filesystem         Size    Used   Avail Capacity  Mounted on
> /dev/ada0p3.eli    127G    6.9G    119G     5%    /
> devfs              1.0k    1.0k      0B   100%    /dev
> /dev/gpt/boot      991M    339M    642M    35%    /bootdir
> $ gpart show
> =>       34  312581741  ada0  GPT  (149G)
>          34        128     1  freebsd-boot  (64k)
>         162    2097152     2  freebsd-ufs  (1.0G)
>     2097314  310484461     3  freebsd-ufs  (148G)
> 
> Where did 21G from the 148G go?
> 
> As suggested in dan.me.uk geli install guide I used geli init -a 
> HMAC/SHA256
> and also ran dd if=/dev/zero of=/dev/gpt/enc.eli across the eli 
> volume.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "freebsd-questions-unsubscribe@freebsd.org"

Did you use the -a option when doing the geli init?


  -a aalgo        Enable data integrity verification (authenti-
                                 cation) using the given algorithm.  
This will
                                 reduce size of available storage and 
also
                                 reduce speed.  For example, when using 
4096
                                 bytes sector and HMAC/SHA256 algorithm, 
89% of
                                 the original provider storage will be 
avail-
                                 able for use.  Currently supported 
algorithms
                                 are: HMAC/MD5, HMAC/SHA1, 
HMAC/RIPEMD160,
                                 HMAC/SHA256, HMAC/SHA384 and 
HMAC/SHA512.  If
                                 the option is not given, there will be 
no
                                 authentication, only encryption.  The 
recom-
                                 mended algorithm is HMAC/SHA256.



-- 
Thanks,
    Dean E. Weimer
    http://www.dweimer.net/