Trying to add an encrypted partition with GELI / Blowfish-CBC on FreeBSD 10.3. AES on / and swap works fine, but I can't add an additional encrypted partition using Blowfish. This is how I did it:
    # mount -o exec /dev/da2p1 /mnt/storekey
    # gpart create -s gpt da1
    da1 created
    # gpart add -t freebsd-ufs -l usrdata da1
    da1p1 added
    # newfs gpt/usrdata
    gpt/usrdata: 102400.0MB (209715128 sectors) block size 32768, fragment size 4096
            using 164 cylinder groups of 626.09MB, 20035 blks, 80256 inodes.
    super-block backups (for fsck_ffs -b #) at:
     192, 1282432, 2564672, 3846912, 5129152, 6411392, 7693632, 8975872,
     10258112, 11540352, 12822592, 14104832, 15387072, 16669312, 17951552, 19233792,
     20516032, 21798272, 23080512, 24362752, 25644992, 26927232, 28209472, 29491712,
     30773952, 32056192, 33338432, 34620672, 35902912, 37185152, 38467392, 39749632,
     41031872, 42314112, 43596352, 44878592, 46160832, 47443072, 48725312, 50007552,
     51289792, 52572032, 53854272, 55136512, 56418752, 57700992, 58983232, 60265472,
     61547712, 62829952, 64112192, 65394432, 66676672, 67958912, 69241152, 70523392,
     71805632, 73087872, 74370112, 75652352, 76934592, 78216832, 79499072, 80781312,
     82063552, 83345792, 84628032, 85910272, 87192512, 88474752, 89756992, 91039232,
     92321472, 93603712, 94885952, 96168192, 97450432, 98732672, 100014912, 101297152,
     102579392, 103861632, 105143872, 106426112, 107708352, 108990592, 110272832, 111555072,
     112837312, 114119552, 115401792, 116684032, 117966272, 119248512, 120530752, 121812992,
     123095232, 124377472, 125659712, 126941952, 128224192, 129506432, 130788672, 132070912,
     133353152, 134635392, 135917632, 137199872, 138482112, 139764352, 141046592, 142328832,
     143611072, 144893312, 146175552, 147457792, 148740032, 150022272, 151304512, 152586752,
     153868992, 155151232, 156433472, 157715712, 158997952, 160280192, 161562432, 162844672,
     164126912, 165409152, 166691392, 167973632, 169255872, 170538112, 171820352, 173102592,
     174384832, 175667072, 176949312, 178231552, 179513792, 180796032, 182078272, 183360512,
     184642752, 185924992, 187207232, 188489472, 189771712, 191053952, 192336192, 193618432,
     194900672, 196182912, 197465152, 198747392, 200029632, 201311872, 202594112, 203876352,
     205158592, 206440832, 207723072, 209005312
    # dd if=/dev/random of=/mnt/storekey/da0p1b.k bs=64 count=1
    1+0 records in
    1+0 records out
    64 bytes transferred in 0.000032 secs (1988411 bytes/sec)
    # geli init -s 4096 -K /mnt/storekey/da0p1b.k -e Blowfish-CBC -a hmac/sha256 -l 448 gpt/usrdata
    Enter new passphrase:
    Reenter new passphrase:

    Metadata backup can be found in /var/backups/gpt_usrdata.eli and
    can be restored with the following command:

            # geli restore /var/backups/gpt_usrdata.eli gpt/usrdata

    # geli attach -k /mnt/storekey/da0p1b.k gpt/usrdata
    Enter passphrase:
    # newfs gpt/usrdata.eli
    gpt/usrdata.eli: 91022.2MB (186413448 sectors) block size 32768, fragment size 4096
            using 146 cylinder groups of 626.09MB, 20035 blks, 80256 inodes.
    newfs: can't read old UFS1 superblock: read error from block device: Invalid argument
OK, Google says I need to destroy the data with random output:
    # dd if=/dev/random of=gpt/usrdata.eli bs=8m
    dd: gpt/usrdata.eli: No such file or directory
OK, I wanted to check:
    # geli list
    Geom name: da0p4.eli
    State: ACTIVE
    EncryptionAlgorithm: AES-XTS
    KeyLength: 128
    Crypto: software
    Version: 7
    UsedKey: 0
    Flags: BOOT
    KeysAllocated: 50
    KeysTotal: 50
    Providers:
    1. Name: da0p4.eli
       Mediasize: 26843378688 (25G)
       Sectorsize: 512
       Mode: r1w1e1
    Consumers:
    1. Name: da0p4
       Mediasize: 26843379200 (25G)
       Sectorsize: 512
       Stripesize: 0
       Stripeoffset: 1073891328
       Mode: r1w1e1

    Geom name: gpt/swap.eli
    State: ACTIVE
    EncryptionAlgorithm: AES-XTS
    KeyLength: 128
    Crypto: software
    Version: 7
    Flags: ONETIME, W-DETACH, W-OPEN
    KeysAllocated: 1
    KeysTotal: 1
    Providers:
    1. Name: gpt/swap.eli
       Mediasize: 4294967296 (4.0G)
       Sectorsize: 4096
       Mode: r1w1e0
    Consumers:
    1. Name: gpt/swap
       Mediasize: 4294967296 (4.0G)
       Sectorsize: 512
       Stripesize: 0
       Stripeoffset: 1073891328
       Mode: r1w1e1

    Geom name: gpt/usrdata.eli
    State: ACTIVE
    EncryptionAlgorithm: Blowfish-CBC
    KeyLength: 448
    AuthenticationAlgorithm: HMAC/SHA256
    Crypto: software
    Version: 7
    UsedKey: 0
    Flags: AUTH
    KeysAllocated: 200
    KeysTotal: 200
    Providers:
    1. Name: gpt/usrdata.eli
       Mediasize: 95443685376 (89G)
       Sectorsize: 4096
       Mode: r0w0e0
    Consumers:
    1. Name: gpt/usrdata
       Mediasize: 107374148096 (100G)
       Sectorsize: 512
       Stripesize: 0
       Stripeoffset: 17408
       Mode: r1w1e1

    # ls /dev
    acpi        da0p2      geom.ctl  mem       sndstat   ttyv9
    apm         da0p3      gpt       midistat  stderr    ttyva
    apmctl      da0p4      gptid     mpt0      stdin     ttyvb
    atkbd0      da0p4.eli  hpet0     nfslock   stdout    ttyvc
    audit       da1        io        null      sysmouse  ttyvd
    bpf         da1p1      iso9660   pass0     ttyv0     ttyve
    bpf0        da2        kbd0      pass1     ttyv1     ttyvf
    bpsm0       da2p1      kbd1      pass2     ttyv2     ufssuspend
    cd0         devctl     kbdmux0   pass3     ttyv3     urandom
    console     devctl2    klog      pci       ttyv4     usbctl
    consolectl  devstat    kmem      psm0      ttyv5     xpt0
    ctty        fd         led       pts       ttyv6     zero
    da0         fd0        log       random    ttyv7
    da0p1       fido       mdctl     reroot    ttyv8
What's wrong? Thanks for your help.
You need to use the full device name:
    dd if=/dev/random of=/dev/gpt/usrdata.eli bs=1m
    newfs /dev/gpt/usrdata.eli
Got this solution here: https://forums.freebsd.org/threads/57051/#post-324890
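
An added example, not part of the original thread: a small sh/awk helper that turns `geli list` output into the full /dev paths that dd and newfs expect, and marks providers initialised with `-a` (the AUTH flag), the case in which the thread fills the provider with dd before running newfs. The function names and the abridged sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `geli list` output on stdin and
# prints one line per attached geom:
#   <full /dev path> <encryption algorithm> <fill-first|plain>
# "fill-first" marks providers whose Flags include AUTH (geli init -a ...).
geli_paths() {
    awk '
        function emit() {
            if (name != "")
                printf "/dev/%s %s %s\n", name, ealgo, (auth ? "fill-first" : "plain")
            name = ""
        }
        /^Geom name: /           { emit(); name = $3; ealgo = "-"; auth = 0; next }
        /^EncryptionAlgorithm: / { ealgo = $2; next }
        /^Flags: / {
            sub(/^Flags: /, "")
            n = split($0, flag, /, */)
            for (i = 1; i <= n; i++)
                if (flag[i] == "AUTH") auth = 1
        }
        END { emit() }
    '
}

# Constructed sample: abridged from the `geli list` output in the question.
sample_geli_list() {
    cat <<'EOF'
Geom name: da0p4.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
Flags: BOOT
Geom name: gpt/swap.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
Flags: ONETIME, W-DETACH, W-OPEN
Geom name: gpt/usrdata.eli
State: ACTIVE
EncryptionAlgorithm: Blowfish-CBC
AuthenticationAlgorithm: HMAC/SHA256
Flags: AUTH
EOF
}

# On FreeBSD use the live output; elsewhere fall back to the sample.
if command -v geli >/dev/null 2>&1; then
    geli list | geli_paths
else
    sample_geli_list | geli_paths
fi
```

Pass the first column of a `fill-first` line to dd and then newfs, as in the answer above.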