Date:      Sat, 23 Jan 2010 02:09:14 +0000
From:      RW <>
Subject:   Re: GELI file systems unusable after "glabel label" operations
Message-ID:  <>
In-Reply-To: <>
References:  <> <>

On Sat, 23 Jan 2010 02:34:31 +0100
Roland Smith <> wrote:

> On Fri, Jan 22, 2010 at 03:08:00AM -0600, Scott Bennett wrote:
> >
> >      Why is that stored in the last sector of the device, rather
> > than in the key file?  What is the purpose of the key file if not
> > to hold that type of information?

The keyfile is user generated, usually just some bytes from /dev/random.

> All geom(4) providers use their last sector to store metadata; it's a
> design decision. Probably because the first sector(s) are used for
> boot blocks or filesystem metadata etc.
> It would have been possible to store the generated key in the
> user-provided keyfile. But since it is not mandatory to have a
> keyfile (you can also use just a passphrase), it makes more sense to
> use the already provided metadata space in the last sector.

Having it on the last sector allows the auto-detection of geli
partitions. It would be nice to have the option of having the metadata
in a separate metadata file instead of the last sector, to allow geli
partitions to be indistinguishable from securely erased partitions.
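
An added example, not part of the original message: a sketch of the auto-detection described above, reading the last sector of a disk image and checking for a geom metadata header. It assumes a 512-byte sector and the on-disk layout used by FreeBSD geom classes (a 16-byte NUL-padded magic such as `GEOM::ELI` or `GEOM::LABEL`, followed by a little-endian 32-bit version); the function names and sample images are constructed for illustration.

```python
import io
import os
import struct

MAGIC_LEN = 16            # assumption: 16-byte, NUL-padded magic at the start of the sector
GEOM_PREFIX = b"GEOM::"   # e.g. GEOM::ELI (geli), GEOM::LABEL (glabel)

def read_last_sector(dev, sector_size=512):
    """Return the final sector of a seekable file object (disk image or provider)."""
    size = dev.seek(0, os.SEEK_END)
    if size < sector_size or size % sector_size:
        raise ValueError("size is not a positive multiple of the sector size")
    dev.seek(size - sector_size)
    return dev.read(sector_size)

def identify_geom_metadata(sector):
    """Return (class_name, version) if the sector starts with a geom magic, else None."""
    magic = sector[:MAGIC_LEN].rstrip(b"\0")
    name = magic[len(GEOM_PREFIX):]
    if not magic.startswith(GEOM_PREFIX) or not name.isalpha():
        return None
    (version,) = struct.unpack_from("<I", sector, MAGIC_LEN)
    return name.decode("ascii"), version

def make_image(magic=None, version=0, sectors=8, sector_size=512):
    """Constructed sample: random 'ciphertext', optionally with metadata in the last sector."""
    data = bytearray(os.urandom(sectors * sector_size))
    if magic is not None:
        header = magic.ljust(MAGIC_LEN, b"\0") + struct.pack("<I", version)
        data[-sector_size:-sector_size + len(header)] = header
    return io.BytesIO(bytes(data))

def classify(dev, sector_size=512):
    """Describe what the last sector reveals about the device."""
    found = identify_geom_metadata(read_last_sector(dev, sector_size))
    if found is None:
        return "no geom metadata (indistinguishable from random data)"
    return "%s metadata, version %d" % found

if __name__ == "__main__":
    print(classify(make_image(b"GEOM::ELI", 7)))    # geli provider
    print(classify(make_image(b"GEOM::LABEL", 2)))  # last sector rewritten by glabel
    print(classify(make_image()))                   # securely erased / headerless
```

The same check shows why a later `glabel label` on the raw device matters: both classes claim the last sector, so whichever wrote last is what gets detected.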
