Freebsd
無法在 FreeBSD 上使用 GELI (Blowfish-CBC) 讀取舊的 UFS1 超級塊
嘗試在 FreeBSD10.3 GELI/Blowfish-CBC 上添加加密分區。/ 和 /swap 上的 AES 工作正常,但我無法使用 Blowfish 添加額外的加密分區。這是我的做法:
# mount -o exec /dev/da2p1 /mnt/storekey # gpart create -s gpt da1 da1 created # gpart add -t freebsd-ufs -l usrdata da1 da1p1 added # newfs gpt/usrdata gpt/usrdata: 102400.0MB (209715128 sectors) block size 32768, fragment size 4096 using 164 cylinder groups of 626.09MB, 20035 blks, 80256 inodes. super-block backups (for fsck_ffs -b #) at: 192, 1282432, 2564672, 3846912, 5129152, 6411392, 7693632, 8975872, 10258112, 11540352, 12822592, 14104832, 15387072, 16669312, 17951552, 19233792, 20516032, 21798272, 23080512, 24362752, 25644992, 26927232, 28209472, 29491712, 30773952, 32056192, 33338432, 34620672, 35902912, 37185152, 38467392, 39749632, 41031872, 42314112, 43596352, 44878592, 46160832, 47443072, 48725312, 50007552, 51289792, 52572032, 53854272, 55136512, 56418752, 57700992, 58983232, 60265472, 61547712, 62829952, 64112192, 65394432, 66676672, 67958912, 69241152, 70523392, 71805632, 73087872, 74370112, 75652352, 76934592, 78216832, 79499072, 80781312, 82063552, 83345792, 84628032, 85910272, 87192512, 88474752, 89756992, 91039232, 92321472, 93603712, 94885952, 96168192, 97450432, 98732672, 100014912, 101297152, 102579392, 103861632, 105143872, 106426112, 107708352, 108990592, 110272832, 111555072, 112837312, 114119552, 115401792, 116684032, 117966272, 119248512, 120530752, 121812992, 123095232, 124377472, 125659712, 126941952, 128224192, 129506432, 130788672, 132070912, 133353152, 134635392, 135917632, 137199872, 138482112, 139764352, 141046592, 142328832, 143611072, 144893312, 146175552, 147457792, 148740032, 150022272, 151304512, 152586752, 153868992, 155151232, 156433472, 157715712, 158997952, 160280192, 161562432, 162844672, 164126912, 165409152, 166691392, 167973632, 169255872, 170538112, 171820352, 173102592, 174384832, 175667072, 176949312, 178231552, 179513792, 180796032, 182078272, 183360512, 184642752, 185924992, 187207232, 188489472, 189771712, 191053952, 192336192, 193618432, 194900672, 196182912, 197465152, 198747392, 200029632, 201311872, 202594112, 203876352, 205158592, 206440832, 207723072, 209005312 # dd if=/dev/random of=/mnt/storekey/da0p1b.k bs=64 count=1 1+0 records in 1+0 records out 64 bytes transferred in 0.000032 secs (1988411 bytes/sec) # geli init -s 4096 -K /mnt/storekey/da0p1b.k -e Blowfish-CBC -a hmac/sha256 -l 448 gpt/usrdata Enter new passphrase: Reenter new passphrase: Metadata backup can be found in /var/backups/gpt_usrdata.eli and can be restored with the following command: # geli restore /var/backups/gpt_usrdata.eli gpt/usrdata # geli attach -k /mnt/storekey/da0p1b.k gpt/usrdata Enter passphrase: # newfs gpt/usrdata.eli gpt/usrdata.eli: 91022.2MB (186413448 sectors) block size 32768, fragment size 4096 using 146 cylinder groups of 626.09MB, 20035 blks, 80256 inodes. newfs: can't read old UFS1 superblock: read error from block device: Invalid argument
好的,Google說我需要用隨機輸出破壞數據:
# dd if=/dev/random of=gpt/usrdata.eli bs=8m dd: gpt/usrdata.eli: No such file or directory
好的,我想檢查:
# geli list Geom name: da0p4.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 128 Crypto: software Version: 7 UsedKey: 0 Flags: BOOT KeysAllocated: 50 KeysTotal: 50 Providers: 1. Name: da0p4.eli Mediasize: 26843378688 (25G) Sectorsize: 512 Mode: r1w1e1 Consumers: 1. Name: da0p4 Mediasize: 26843379200 (25G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 1073891328 Mode: r1w1e1 Geom name: gpt/swap.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 128 Crypto: software Version: 7 Flags: ONETIME, W-DETACH, W-OPEN KeysAllocated: 1 KeysTotal: 1 Providers: 1. Name: gpt/swap.eli Mediasize: 4294967296 (4.0G) Sectorsize: 4096 Mode: r1w1e0 Consumers: 1. Name: gpt/swap Mediasize: 4294967296 (4.0G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 1073891328 Mode: r1w1e1 Geom name: gpt/usrdata.eli State: ACTIVE EncryptionAlgorithm: Blowfish-CBC KeyLength: 448 AuthenticationAlgorithm: HMAC/SHA256 Crypto: software Version: 7 UsedKey: 0 Flags: AUTH KeysAllocated: 200 KeysTotal: 200 Providers: 1. Name: gpt/usrdata.eli Mediasize: 95443685376 (89G) Sectorsize: 4096 Mode: r0w0e0 Consumers: 1. Name: gpt/usrdata Mediasize: 107374148096 (100G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 17408 Mode: r1w1e1 # ls /dev acpi da0p2 geom.ctl mem sndstat ttyv9 apm da0p3 gpt midistat stderr ttyva apmctl da0p4 gptid mpt0 stdin ttyvb atkbd0 da0p4.eli hpet0 nfslock stdout ttyvc audit da1 io null sysmouse ttyvd bpf da1p1 iso9660 pass0 ttyv0 ttyve bpf0 da2 kbd0 pass1 ttyv1 ttyvf bpsm0 da2p1 kbd1 pass2 ttyv2 ufssuspend cd0 devctl kbdmux0 pass3 ttyv3 urandom console devctl2 klog pci ttyv4 usbctl consolectl devstat kmem psm0 ttyv5 xpt0 ctty fd led pts ttyv6 zero da0 fd0 log random ttyv7 da0p1 fido mdctl reroot ttyv8
怎麼了?謝謝您的幫助。
需要使用完整的設備名稱:
dd if=/dev/random of=/dev/gpt/usrdata.eli bs=1m newfs /dev/gpt/usrdata.eli
在這裡得到了這個解決方案:https ://forums.freebsd.org/threads/57051/#post-324890