List: freebsd-stable
Subject: Re: GELI with integrity verification on swap
From: Eric van Gyzen <vangyzen () FreeBSD ! org>
Date: 2017-02-09 15:02:19
Message-ID: b84fe010-9e63-dc1d-330d-79cb2f19ec68 () FreeBSD ! org
On 02/09/2017 08:51, Mark Martinec wrote:
> 2) During boot the log shows a short flurry of messages like:
>
> kernel: GEOM_ELI: Device gpt/sw1.eli created.
> kernel: GEOM_ELI: Encryption: AES-XTS 128
> kernel: GEOM_ELI: Integrity: HMAC/SHA256
> kernel: GEOM_ELI: Crypto: software
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 16384 bytes of data at
> offset 11452985344.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 11453235200.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 11453239296.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 11453239296.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 11453239296.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 11453235200.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 4096.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 0.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
> offset 11453239296.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at
> offset 65536.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at
> offset 8192.
> kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at
> offset 0.
>
> which, according to geli(8) man page, could be normal, as these blocks were never
> written to beforehand and contain random stuff. As the geli swap device is
> supposed to be ephemeral (Flags: ONETIME, W-DETACH, AUTH, W-OPEN), there is
> no way to initialize blocks on a swap device on boot. So, are these messages
> really safe to be ignored?
>
> Which brings us to another, perhaps more important question: what business does
> a kernel have READING from a swap device blocks which have never been
> written to before by this incarnation of the kernel???

I can't comment on the rest of your message, but these look like the normal
"tasting" of a new provider. Some geom classes are looking for metadata near
the beginning and end of the provider to see if they contain a partition scheme,
file system, or whatever that class should consume.

Eric
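
A triage sketch for the explanation above, added here as an example and not part of the original message or of FreeBSD: it parses GEOM_ELI authentication-failure lines and separates reads near the start or end of the provider (consistent with tasting) from reads in the interior. The media size, the 1 MiB edge window and the interior sample line are assumptions; take the real media size from `geli list` or `diskinfo -v`.

```python
import re

# Message format as quoted in the thread, after rejoining wrapped lines.
FAIL_RE = re.compile(
    r"GEOM_ELI: (?P<dev>\S+): Failed to authenticate (?P<len>\d+) bytes "
    r"of data at\s+offset (?P<off>\d+)\."
)

def parse_failures(log_text):
    """Return (device, offset, length) for each authentication failure."""
    # Mail archives wrap long lines; rejoin "... at\n> offset N." first.
    joined = re.sub(r"\s*\n>?\s*(?=offset )", " ", log_text)
    return [(m["dev"], int(m["off"]), int(m["len"]))
            for m in FAIL_RE.finditer(joined)]

def classify(failures, mediasize, window=1 << 20):
    """Split failures into head/tail reads and interior reads.

    window is an assumed edge size in bytes, not a GEOM constant.
    """
    edge, interior = [], []
    for dev, off, length in failures:
        near_head = off + length <= window
        near_tail = off >= mediasize - window
        (edge if near_head or near_tail else interior).append((dev, off, length))
    return edge, interior

# Constructed sample: three lines in the thread's format plus one
# invented interior offset to show the other branch.
SAMPLE = """\
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 16384 bytes of data at
offset 11452985344.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at
offset 0.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at
offset 65536.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 5726621696.
"""

# Assumed media size: highest offset quoted in the thread plus its length.
ASSUMED_MEDIASIZE = 11453239296 + 4096

if __name__ == "__main__":
    edge, interior = classify(parse_failures(SAMPLE), ASSUMED_MEDIASIZE)
    print(f"{len(edge)} head/tail reads (consistent with tasting)")
    for dev, off, length in interior:
        print(f"interior read on {dev}: {length} bytes at offset {off}")
```

Interior entries are the ones worth a closer look, since they do not fit the head/tail pattern described in the reply.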