Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 25 Jan 2011 15:29:37 +0100
From:      Rolf Nielsen <>
To:        "J. Porter Clark" <>
Subject:   Re: How to label a GELI device
Message-ID:  <>
In-Reply-To: <>
References:  <>	<> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
2011-01-25 15:07, J. Porter Clark skrev:
> On Tue, Jan 25, 2011 at 10:45:52AM +0200, Nikos Vassiliadis wrote:
>> J. Porter Clark wrote:
>>> I have an encrypted partition, /dev/da0s1d.  I can use geli
>>> attach da0s1d and obtain a device /dev/da0s1d.eli, which is a
>>> UFS filesystem.  All that works just fine.
>>> I'd like to label /dev/da0s1d so that I don't have to refer to
>>> the exact drive number, etc., which might change if I reboot
>>> with a USB stick in the system or whatever.  But glabel puts the
>>> label in the last sector, which is where GELI stores metadata.
>> You don't have to worry about this. geli uses the last sector for
>> its metadata and creates a device with one sector less to its clients.
>> The original device is 2048 sectors, the device geli provides is 2047
>> sectors:
>>> moby# diskinfo /dev/md0 /dev/md0.eli
>>> /dev/md0        512     1048576 2048    0       0
>>> /dev/md0.eli    512     1048064 2047    0       0
>> There is no way for the "internal" GEOM to mess with the "external's"
>> metadata.
> That's fine, but I want to label the "external" /dev/md0, not
> the "internal" /dev/md0.eli.
> What I eventually want to do is to "geli attach" the device
> using a name that doesn't depend on drive numbering.

Correct me if I'm wrong anyone.
You need to first label da0s1d

e.g. like so

glabel label data da0s1d

then geli init the labeled device

e.g. like so

geli init -l 256 -s 4096 label/data


geli attach label/data

That will give you a device node called /dev/label/data.eli, that you 
can newfs and mount. Unfortunately, since you already encrypted da0s1d, 
you may have to back it up, and restore the data after you've redone it. 
I had this problem a few years ago, and I had to back up and restore, 
but perhaps it's been made simpler now? Though I doubt it.

Rolf Nielsen

Want to link to this message? Use this URL: <>