Optimize geli's algorithm to taste devices at boot
Needs ReviewPublic
Actions

Authored by pascal_freebsd.drecker.com on Jan 13 2016, 9:55 PM.

Details

Reviewers

Summary

Hi,

I'm heavily using geli to encrypt many disks in advanced ZFS setups. As a hardware change could also change the device numbers I always use labels to identify disks or partitions.

At boot geli tastes the devices (e.g. da0p3) before any label (e.g. gpt/os-0-zroot). If a system has 20 or more disks it is very painful to startup the machine because you have to press many times (e.g. 20x3=60) "enter" to skip the wrong passphrase questions.

Simple example with only 2 disks:

Enter passphrase for da0p3: GEOM_ELI: Wrong key for da0p3. Tries left: 2.
Enter passphrase for da0p3: GEOM_ELI: Wrong key for da0p3. Tries left: 1.
Enter passphrase for da0p3: GEOM_ELI: Wrong key for da0p3. No tries left.
Enter passphrase for da1p3: GEOM_ELI: Wrong key for da1p3. Tries left: 2.
Enter passphrase for da1p3: GEOM_ELI: Wrong key for da1p3. Tries left: 1.
Enter passphrase for da1p3: GEOM_ELI: Wrong key for da1p3. No tries left.
Enter passphrase for gpt/os-0-zroot:

With the patch it is possible to tell geli which providers should be tasted and nothing has to be skipped manually.

Result at boot:

Enter passphrase for gpt/os-0-zroot:

I use this patch on more than 40 boxes since the release of FreeBSD 10.0. However I do not use every label type which is supported by the patch.

Regards,
Pascal

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

pascal_freebsd.drecker.com updated this revision to Diff 12267.Jan 13 2016, 9:55 PM

pascal_freebsd.drecker.com retitled this revision from to Optimize geli's algorithm to taste devices at boot.

pascal_freebsd.drecker.com updated this object.

pascal_freebsd.drecker.com edited the test plan for this revision. (Show Details)

pascal_freebsd.drecker.com added a reviewer: pjd.

pascal_freebsd.drecker.com set the repository for this revision to rS FreeBSD src repository - subversion.

Herald added a subscriber: imp. · View Herald TranscriptJan 13 2016, 9:55 PM

pascal_freebsd.drecker.com updated this object.Jan 13 2016, 9:56 PM

Hi Pascal.

I know the patch makes your life easier, but in my opinion this should be fixed differently. All my other GEOM classes are able to store underlying provider's name in their metadata (check for example -h option to gmirror), which is then used to locate the right provider during tasting. I'd like this problem to be fixed the same way in GELI, so you could tell GELI that your underlying provider is gpt/foo. Unfortunately it is a bit hard to do currently, as the GELI metadata already take almost 512 bytes, so in order to do that you would need to implement storing additional metadata in second to last sector of the provider.

Hi Pawel,

thanks for your comment.

You’re right that my solution is more a workaround than a real solution. I like your way although we will need another sector.

It’s clear that we could not use the second to last sector for already running systems. For new installations it should not be great problem or I’m wrong?

My first idea was to use a unused byte or bit to mark the existence of the second sector. Now I think that this is not a good solution. If this disk is used in an older system geli will not know about the second sector and will report a wrong size to the underlying provider. I’m right?

So I think it is the best to increment the version number of the “geli sector” if a second sector is used.

As I like to see this feature in FreeBSD 11. How can I help?

My C coding skills are very good. Unfortunately I know nearly nothing about the internals of your GEOM classes. But I am eager to learn!

Revision Contents
Changeset List

Path

Size

sys/

geom/

eli/

g_eli.c

53 lines

Diff 12267

View Options

Optimize geli's algorithm to taste devices at bootNeeds ReviewPublicActions