Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 28 Nov 2010 17:12:52 GMT
From:      Intensity <e88c8uazkf@snkmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/152647: Use of geli hmac/sha512 yields GEOM_ELI "bytes corrupted at offset" error
Message-ID:  <201011281712.oASHCqvm034384@red.freebsd.org>
Resent-Message-ID: <201011281720.oASHK9wF006526@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         152647
>Category:       kern
>Synopsis:       Use of geli hmac/sha512 yields GEOM_ELI "bytes corrupted at offset" error
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 28 17:20:09 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Intensity
>Release:        8.1-STABLE
>Organization:
>Environment:
FreeBSD 8.1-STABLE-201011 FreeBSD 8.1-STABLE-201011 #0: Wed Nov  3 21:19:34 UTC 2010 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
I install a GELI+ZFS system as instructed at:

  http://forums.freebsd.org/showthread.php?t=2775

However, I specify "-a HMAC/SHA512" to the geli command.  In doing so from the live CD, that running GELI/ZFS setup seems to work just fine with no indication of a problem.  However, when rebooting, perhaps some information about the GELI system is lost, since upon rebooting I get a multitude of errors looking like:

  GEOM_ELI: ad0s1a: 8192 bytes corrupted at offset 6455033856.

When I follow the instructions again but without adding "-a HMAC/SHA512" then everything works.  The authentication layer should add resilience, not create fatal problems in mounting the system.  I'd recommend checking into this but also running tests on more elaborate setups.
>How-To-Repeat:
Follow the instructions at:

  http://forums.freebsd.org/showthread.php?t=2775

but add "-a HMAC/SHA512" to the geli command.
>Fix:
No known fix.  The use of HMAC/SHA512 may not be popular or as well-tested.  I understand that this level is redundant when the underlying ZFS provides checksums, but I wanted to do both.

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201011281712.oASHCqvm034384>