Date: Thu, 19 Jun 2008 15:27:23 +0100 From: Thomas Hurst <tom.hurst@clara.net> To: Greg Rivers <gcr@tharned.org> Cc: RW <fbsd06@mlists.homeunix.com>, freebsd-geom@freebsd.org Subject: Re: Is geli detectable? Message-ID: <20080619142723.GA97597@voi.aagh.net> In-Reply-To: <alpine.BSF.1.10.0806182101330.16812@nc8000.tharned.org> References: <20080618225407.1337ad03@gumby.homeunix.com.> <alpine.BSF.1.10.0806182101330.16812@nc8000.tharned.org>
next in thread | previous in thread | raw e-mail | index | archive | help
* Greg Rivers (gcr@tharned.org) wrote: > All but the last sector will indeed appear to be more or less random > data. But the last sector contains the geli metadata, and thus a > distinction can be made. You can prove this by running `geli dump > <provider>` when the provider is not attached (decrypted), or by > otherwise inspecting the last sector. Yup, this is how the .eli devices magic into existance on boot/attach. onetime encrypted devices would appear to be the exception; the metadata only lives in memory. It doesn't look like it'd be that difficult to put the metadata elsewhere, and pass it manually to geli to attach a provider. Similarly I expect you could encrypt the metadata block itself, again forgoing auto-detection in favour of manually mounting; I believe TrueCrypt does this. For archival purposes, you can already geli backup metadata for storage elsewhere, and geli clear/kill it so the device is simply filled with random data (plus, apparantly, a zeroed last sector). -- Thomas 'Freaky' Hurst http://hur.st/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080619142723.GA97597>