Yves Bruggeman
Starting with FreeNAS 9.2.1.6 and above (including 9.3), it's no longer possible to attach a GELI-encrypted zvol.
This used to work in 9.2.1.5 and below (including 8.3).
Code:
# cat /etc/version; uname -r
FreeNAS-9.2.1.6-RELEASE-x64 (ddd1e39)
9.2-RELEASE-p9
# zfs create -V 2G tank/crypto
# dd if=/dev/random of=/tmp/crypto.key bs=64 count=1
# geli init -s 4096 -K /tmp/crypto.key /dev/zvol/tank/crypto
Enter new passphrase:
Reenter new passphrase:
Metadata backup can be found in /var/backups/zvol_tank_crypto.eli and
can be restored with the following command:
# geli restore /var/backups/zvol_tank_crypto.eli /dev/zvol/tank/crypto
# geli dump /dev/zvol/tank/crypto
Metadata on /dev/zvol/tank/crypto:
magic: GEOM::ELI
version: 6
flags: 0x0
ealgo: AES-XTS
keylen: 128
provsize: 2147483648
sectorsize: 4096
keys: 0x01
iterations: 805363
Salt: ec70a8e2346b87bfe3bea763479cee8102a68d70e77b0a92553a25978a5142182c96f9cc1ba79972aa964fe43a928948e058de75070553c1f4b1c2d7417c75f2
Master Key: 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
MD5 hash: 510be4eb9c9ef7c18fa98f342d246c54
# geli attach -k /tmp/crypto.key /dev/zvol/tank/crypto
Enter passphrase:
geli: Provider zvol/tank/crypto is invalid.
For information, the same thing happens with a GBDE-encrypted volume.
Code:
# gbde init /dev/zvol/tank/secret -K /tmp/crypto.key
Enter new passphrase:
Reenter new passphrase:
# gbde attach /dev/zvol/tank/secret -k /tmp/crypto.key
Enter passphrase:
gbde: Attach to zvol/tank/secret failed: Provider not found: "zvol/tank/secret"