Date: Thu, 19 Jun 2008 15:27:23 +0100 From: Thomas Hurst <tom.hurst@clara.net> To: Greg Rivers <gcr@tharned.org> Cc: RW <fbsd06@mlists.homeunix.com>, freebsd-geom@freebsd.org Subject: Re: Is geli detectable? Message-ID: <20080619142723.GA97597@voi.aagh.net> In-Reply-To: <alpine.BSF.1.10.0806182101330.16812@nc8000.tharned.org> References: <20080618225407.1337ad03@gumby.homeunix.com.> <alpine.BSF.1.10.0806182101330.16812@nc8000.tharned.org>
next in thread | previous in thread | raw e-mail | index | archive | help
* Greg Rivers (gcr@tharned.org) wrote:
> All but the last sector will indeed appear to be more or less random
> data. But the last sector contains the geli metadata, and thus a
> distinction can be made. You can prove this by running `geli dump
> <provider>` when the provider is not attached (decrypted), or by
> otherwise inspecting the last sector.
Yup, this is how the .eli devices magic into existance on boot/attach.
onetime encrypted devices would appear to be the exception; the metadata
only lives in memory.
It doesn't look like it'd be that difficult to put the metadata
elsewhere, and pass it manually to geli to attach a provider. Similarly
I expect you could encrypt the metadata block itself, again forgoing
auto-detection in favour of manually mounting; I believe TrueCrypt does
this.
For archival purposes, you can already geli backup metadata for storage
elsewhere, and geli clear/kill it so the device is simply filled with
random data (plus, apparantly, a zeroed last sector).
--
Thomas 'Freaky' Hurst
http://hur.st/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080619142723.GA97597>