Date: Thu, 9 Feb 2017 09:02:19 -0600
From: Eric van Gyzen <vangyzen@FreeBSD.org>
To: Mark Martinec <Mark.Martinec+freebsd@ijs.si>, freebsd-stable@freebsd.org
Subject: Re: GELI with integrity verification on swap
Message-ID: <b84fe010-9e63-dc1d-330d-79cb2f19ec68@FreeBSD.org>
In-Reply-To: <76025e5011614a74cffeae62394a7cd4@ijs.si>
References: <76025e5011614a74cffeae62394a7cd4@ijs.si>

On 02/09/2017 08:51, Mark Martinec wrote:
> 2) During boot the log shows a short flurry of messages like:
>
> kernel: GEOM_ELI: Device gpt/sw1.eli created.
> kernel: GEOM_ELI: Encryption: AES-XTS 128
> kernel: GEOM_ELI: Integrity: HMAC/SHA256
> kernel: GEOM_ELI: Crypto: software
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 16384 bytes of data at
> offset 11452985344.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 11453235200.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 11453239296.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 11453239296.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 11453239296.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 11453235200.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 4096.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 0.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 11453239296.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at
> offset 65536.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at
> offset 8192.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at
> offset 0.
>
> which, according to geli(8) man page, could be normal, as these blocks were never
> written to beforehand and contain random stuff. As the geli swap device is
> supposed to be ephemeral (Flags: ONETIME, W-DETACH, AUTH, W-OPEN), there is
> no way to initialize blocks on a swap device on boot. So, are these messages
> really safe to be ignored?
>
> Which brings us another, perhaps more important question: what business does
> a kernel have to do READING from a swap device, blocks which never have been
> written to before by this incarnation of the kernel???

I can't comment on the rest of your message, but these look like the normal "tasting" of a new provider. Some geom classes are looking for metadata near the beginning and end of the provider to see if they contain a partition scheme, file system, or whatever that class should consume.

Eric
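
An added triage example, not part of the original message or of FreeBSD: it parses the "Failed to authenticate" lines quoted above and separates reads at the edges of the provider, which match the tasting explanation, from reads elsewhere. The provider size (taken as the highest offset plus length in the quoted log), the 256 KiB edge window, and the function names are assumptions of this example.

```python
import re

# Matches the GEOM_ELI message quoted in the thread; \s+ tolerates mail line wraps.
FAIL_RE = re.compile(
    r"GEOM_ELI: (\S+): Failed to authenticate (\d+) bytes of data at\s+offset (\d+)\."
)

def classify(log_text, provider_size, window=256 * 1024):
    """Return (device, offset, length, region) for each failure.

    region is 'start', 'end' or 'middle' relative to the provider's edges.
    window is an assumed heuristic for "near the edge", not a GEOM constant.
    """
    results = []
    for dev, length, offset in FAIL_RE.findall(log_text):
        length, offset = int(length), int(offset)
        if offset + length <= window:
            region = "start"
        elif offset >= provider_size - window:
            region = "end"
        else:
            region = "middle"
        results.append((dev, offset, length, region))
    return results

def outside_edges(results):
    """Failures that reads at the provider's edges do not explain."""
    return [r for r in results if r[3] == "middle"]

# Four lines taken from the quoted boot log (re-joined), plus one
# constructed line at offset 5368709120 to show the 'middle' case.
SAMPLE = """\
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 16384 bytes of data at offset 11452985344.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 11453239296.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at offset 65536.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at offset 0.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 5368709120.
"""
# Assumed provider size: highest offset + length seen in the quoted log.
ASSUMED_SIZE = 11453239296 + 4096

if __name__ == "__main__":
    for dev, off, ln, region in classify(SAMPLE, ASSUMED_SIZE):
        print(f"{dev} offset={off} length={ln} region={region}")
```

On a real system, replace the assumed size with the provider's actual media size before relying on the "end" classification.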