From owner-freebsd-questions@FreeBSD.ORG Mon Feb 4 21:25:35 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 06FB3179 for ; Mon, 4 Feb 2013 21:25:35 +0000 (UTC) (envelope-from mhca12@gmail.com) Received: from mail-ob0-f173.google.com (mail-ob0-f173.google.com [209.85.214.173]) by mx1.freebsd.org (Postfix) with ESMTP id C3694E0 for ; Mon, 4 Feb 2013 21:25:34 +0000 (UTC) Received: by mail-ob0-f173.google.com with SMTP id dn14so6725137obc.4 for ; Mon, 04 Feb 2013 13:25:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=92QAGfSN9QQlwdxt4Ywlk5xohdyLgxxBcRhRfEEzwJM=; b=JE1kV/iSJHakEM6nSRaoNBZvIegvj8FKa5nezeustzvQlixp/WHAvqgy9uylZYncq+ XIhkKjfA4nYWOjhjpJ2DUWQc6p5uJcD3PCdMUuj4gdIKv+YB3ypowNoPJbrZ5p4F/jKB s6lylGqruAta0ErmJNxdOQQVWeDNyrxXIEKbPaEwpG/kEFhaKvXJP6O30WKllPsmQKtO MtkEaGL3SwEXIHFyZY+NI5M7BeQz5VSeK4ZRtCJ1gOLxF4OxSKVbWc82Xp+Ucm5gPz+L sQASJFG3QPGYuOBxs8Cu3A/dMy+3r9KPF5trxwg/s/D84WtfvapNAjYVWKOSXlp1v5a1 pi/w== MIME-Version: 1.0 X-Received: by 10.60.13.65 with SMTP id f1mr2251939oec.87.1360013134016; Mon, 04 Feb 2013 13:25:34 -0800 (PST) Received: by 10.76.34.73 with HTTP; Mon, 4 Feb 2013 13:25:33 -0800 (PST) In-Reply-To: References: Date: Mon, 4 Feb 2013 22:25:33 +0100 Message-ID: Subject: Re: geli overhead? From: mhca12 To: dweimer@dweimer.net Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Feb 2013 21:25:35 -0000 On Mon, Feb 4, 2013 at 10:19 PM, dweimer wrote: > On 02/04/2013 2:56 pm, mhca12 wrote: >> >> Is there some overhead associated with the geli setup as >> described earlier? >> >> $ df -h >> Filesystem Size Used Avail Capacity Mounted on >> /dev/ada0p3.eli 127G 6.9G 119G 5% / >> devfs 1.0k 1.0k 0B 100% /dev >> /dev/gpt/boot 991M 339M 642M 35% /bootdir >> $ gpart show >> => 34 312581741 ada0 GPT (149G) >> 34 128 1 freebsd-boot (64k) >> 162 2097152 2 freebsd-ufs (1.0G) >> 2097314 310484461 3 freebsd-ufs (148G) >> >> Where did 21G from the 148G go? >> >> As suggested in dan.me.uk geli install guide I used geli init -a >> HMAC/SHA256 >> and also ran dd if=/dev/zero of=/dev/gpt/enc.eli across the eli volume. >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" > > > Did you use the -a option when doing the geli init? > > > -a aalgo Enable data integrity verification (authenti- > cation) using the given algorithm. This > will > reduce size of available storage and also > reduce speed. For example, when using 4096 > bytes sector and HMAC/SHA256 algorithm, 89% > of > the original provider storage will be avail- > able for use. Currently supported > algorithms > are: HMAC/MD5, HMAC/SHA1, HMAC/RIPEMD160, > HMAC/SHA256, HMAC/SHA384 and HMAC/SHA512. > If > the option is not given, there will be no > authentication, only encryption. The recom- > mended algorithm is HMAC/SHA256. Yes I did (see above). Do I have to init the volume again to skip authentication? Does skipping authentication also remove the requirement of zeroing the whole eli disk for the checksums?