GELI encryption: backup provider's metadata. Why "Feature"? We NEED it!

[panz]

4 months ago I posted this:

https://bugs.freenas.org/issues/2375#ticket

It has been considered a "feature". You know, if you erase encryption metadata...

I think we need this "feature". Please.

 

[cyberjock]

You would have better luckposting to that ticket. They really don't come here and read the forums.

I'll agree that the metadata should be able to be backed up. But at the same time, I'm not aware of any users that have needed to recover their metadata... yet. So I'm not sure how "important" this feature is. If we were having problems with this, then I could see this being a problem.

 

[Dusan]

I entered this ticket later (I did not notice yours): https://bugs.freenas.org/issues/3206
It seems iXsystems is looking into that one.

 

[cyberjock]

I'm a little disappointed on this whole metadata thing because I asked these similar questions back when encryption was added in 8.3.0 and I was told that I didn't understand the purpose of the geli metadata. I was 99% sure I had it right despite never hearing of "geli" until 2 weeks prior. At least its getting looked into. I really do think that this was some serious oversight and should be fixed ASAP.

 

[panz]

It seems that Linux users are taking this thing more seriously ;)

https://wiki.archlinux.org/index.php/LUKS#Backup_the_cryptheader

http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery

mine ticket was unassigned :(

 

[dlavigne]

As suggested, comment on your own thread. This brings it back up in the queue and before the devs' eyeballs.

 

[panz]

Understood :D

 

[ajohnson]

Sorry to revive an old thread, but this still has not been addressed.
https://bugs.freenas.org/issues/2375#ticket
It appears it has been discussed to death by the devs a year ago but they couldn't come to agreement about where the geli metadata backups should be stored.

I already posted to the ticket about a month back inquiring about it again. Specifically, I asked "Why not just make them available for download in the interface like geli recovery key?" and have not heard back.
Even if i went and submitted a patch to correct it but allowing for web UI download, I'm not sure it would be accepted, because the devs seem to believe this requires some greater level of security or convenience when backing it up or something (note the mention of cloud backup tie-ins in the bug report by one developer).

Maybe someone here has some inroads with the devs and can ask, but I really don't know what else to do.

It might help if more people went on that thread and inquired about it to let the devs know you want this added.

 

[cyberjock]

@ajohnson

I will send an email to the devs and see if they can update the ticket. I can't promise a response though. I feel like encryption is something of a red-headed stepchild and was promptly forgotten and made a low priority after it was implemented.