From owner-freebsd-geom@FreeBSD.ORG Fri Oct 1 22:07:58 2004 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A95DF16A4CE for ; Fri, 1 Oct 2004 22:07:58 +0000 (GMT) Received: from mail.kuehlbox.de (ns1.kuehlbox.de [62.159.47.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id 74DFE43D41 for ; Fri, 1 Oct 2004 22:07:57 +0000 (GMT) (envelope-from bsd@kuehlbox.de) Received: (qmail 27563 invoked by uid 89); 1 Oct 2004 22:08:38 -0000 Received: from unknown (HELO ?172.16.21.125?) (webmaster@kuehlbox.de@82.135.6.7) by www.kuehlbox.de with SMTP; 1 Oct 2004 22:08:38 -0000 Message-ID: <415DD535.1090902@kuehlbox.de> Date: Sat, 02 Oct 2004 00:07:49 +0200 From: Stephan Fiebrandt User-Agent: Mozilla Thunderbird 0.7.2 (Windows/20040707) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-geom@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: gbde with lesser than 4 keys and different start sectors X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Oct 2004 22:07:58 -0000 Hello everybody, i've read thru the list and found out, that there was a bug till recently using gbde with lesser than 4 keys. I started to use bde with a different sector start and 2 keys. I am about to upgrade now to 5.3BETA6 since the pci solts on my new mainboard that i spend to my server are not working proper on 5.2.1. Well.. i ended up now with latest code at "incorrect superblock" when i try to mount the fs on it. Wanted to know what settings are "safe" to use in the future, since i am testing a 300+ GB storage and its pretty anoying to dump and restore that :). I was reading phk's nice doc about GBDE and how it works. But i am still unsure.. if 2 or 4 keys would make a difference in the question of security. For now i will stick with 4 keys, since i might boot 5.2.1. Greetz, Stephan _____________________________________ a false sence of security is worse than insecurity From owner-freebsd-geom@FreeBSD.ORG Sat Oct 2 13:36:18 2004 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 78DB816A4CE for ; Sat, 2 Oct 2004 13:36:18 +0000 (GMT) Received: from afields.ca (afields.ca [216.194.67.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id 488BC43D41 for ; Sat, 2 Oct 2004 13:36:18 +0000 (GMT) (envelope-from afields@afields.ca) Received: from afields.ca (localhost.afields.ca [127.0.0.1]) by afields.ca (8.12.11/8.12.11) with ESMTP id i92DaHFw031763; Sat, 2 Oct 2004 09:36:17 -0400 (EDT) (envelope-from afields@afields.ca) Received: (from afields@localhost) by afields.ca (8.12.11/8.12.11/Submit) id i92DaFWd031762; Sat, 2 Oct 2004 09:36:15 -0400 (EDT) (envelope-from afields) Date: Sat, 2 Oct 2004 09:36:15 -0400 From: Allan Fields To: Stephan Fiebrandt Message-ID: <20041002133615.GB28121@afields.ca> References: <415DD535.1090902@kuehlbox.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <415DD535.1090902@kuehlbox.de> User-Agent: Mutt/1.4i cc: freebsd-geom@freebsd.org Subject: Re: gbde with lesser than 4 keys and different start sectors X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Oct 2004 13:36:18 -0000 On Sat, Oct 02, 2004 at 12:07:49AM +0200, Stephan Fiebrandt wrote: > Hello everybody, > > i've read thru the list and found out, that there was a bug till > recently using gbde with lesser than 4 keys. > I started to use bde with a different sector start and 2 keys. > I am about to upgrade now to 5.3BETA6 since the pci solts on my new > mainboard that i spend to my server are not working proper on 5.2.1. > Well.. i ended up now with latest code at "incorrect superblock" when i > try to mount the fs on it. That's due to the recent patch changing sector mapping as phk has described. > Wanted to know what settings are "safe" to use in the future, since i am > testing a 300+ GB storage and its pretty anoying to dump and restore > that :). I agree it's best not to need to dump/restore large devices. However, I wouldn't rule out needing to do so, just in case another serious bug surfaces. I'd say at this point gbde is mature enough to avoid bugs like that absent any major reworking of sector mapping / layout. A thing to do is test and verify the proper operation before deploying which gives a better sense of safety. (Fill up full volume, detach and reattach, reboot, panic, try all the keys, etc.) > I was reading phk's nice doc about GBDE and how it works. But i am still > unsure.. if 2 or 4 keys would make a difference in the question of security. > For now i will stick with 4 keys, since i might boot 5.2.1. It's fine to use the default 4. > Greetz, > Stephan > _____________________________________ > a false sence of security is worse than insecurity -- Allan Fields, AFRSL - http://afields.ca 2D4F 6806 D307 0889 6125 C31D F745 0D72 39B4 5541