Encrypted or not? Conflicting messages.

X

Xelas

Explorer
Joined
Sep 10, 2013
Messages
97
While changing out a failed drive via GUI, I saw this pop up in the shell below:

Code:
Jan  7 13:42:19 NAS GEOM_ELI: Device mirror/swap2.eli created.
Jan  7 13:42:19 NAS GEOM_ELI: Encryption: AES-XTS 128
Jan  7 13:42:19 NAS GEOM_ELI:     Crypto: hardware


However:
Code:
root@NAS:~ # zfs get encryption Mirror
NAME    PROPERTY    VALUE    SOURCE
Mirror    encryption    off        default


I have 3 pools, and this message pops up for any of them if I swap a drive out in that pool. I built this server 7-8 years ago so I don't know if I encrypted the drives or not.
So, just to be clear, I think what's happening is that the swap partition is encrypted, but the pool itself (which lives in the 2nd partition on all of my drives) is not. Is that accurate? If not, then what am I seeing?
Thank you!
 
artlessknave

artlessknave

Wizard
Joined
Oct 29, 2016
Messages
1,506
zpool status -v
do any of your GPTids end in .eli? if no, then I believe you are correct, though I am by no means an expert on GELI, since I avoided it like the plague.

I do remember seeing that message when messing around with some of my test systems but I didnt really pay attention.
 
X

Xelas

Explorer
Joined
Sep 10, 2013
Messages
97
OK - I think I was right. The swap partitions are encrypted, the data partitions with the pools are not. Running
Code:
zpool status -v

... shows that all my pools have gptids that are the normal alphabet soup:
gptid/6e85955b-b87c-11ec-bcfe-000c293ded79
.... etc.
without an ".eli" at the end.

Looks like a good way of finding out is to run
Code:
geli list

... and if I'm reading the below correctly, then I should be in good shape. All of the encrypted partitions are named only "swap*.eli" and I don't see anything in the list that looks like a data partition.

Code:
root@NAS:~ # geli list
Geom name: mirror/swap0.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 128
Crypto: hardware
Version: 7
Flags: ONETIME
KeysAllocated: 4
KeysTotal: 4
Providers:
1. Name: mirror/swap0.eli
   Mediasize: 2147483648 (2.0G)
   Sectorsize: 512
   Mode: r1w1e0
Consumers:
1. Name: mirror/swap0
   Mediasize: 2147483648 (2.0G)
   Sectorsize: 512
   Stripesize: 4096
   Stripeoffset: 0
   Mode: r1w1e1

Geom name: mirror/swap1.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 128
Crypto: hardware
Version: 7
Flags: ONETIME
KeysAllocated: 4
KeysTotal: 4
Providers:
1. Name: mirror/swap1.eli
   Mediasize: 2147483648 (2.0G)
   Sectorsize: 512
   Mode: r1w1e0
Consumers:
1. Name: mirror/swap1
   Mediasize: 2147483648 (2.0G)
   Sectorsize: 512
   Stripesize: 4096
   Stripeoffset: 0
   Mode: r1w1e1

..... etc.
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Encrypted or not? Conflicting messages."

Similar threads

P
SWAP partition encryption is AES-XTS 128
Replies
4
Views
2K
Phil1295
P
J
  • Locked
Attempted to remove SLOG from Web-UI, possibly nuked pool
Replies
1
Views
2K
m0nkey_
m0nkey_
phenx
  • Locked
System freezes when trying to access encrypted volume
Replies
3
Views
1K
phenx
phenx
cstanley
  • Locked
Unlock Pool Fails on First Attempt
Replies
1
Views
1K
dlavigne
D
M
  • Locked
should I be worried about this?
Replies
1
Views
2K
Serverbaboon
S
Top