Hi there.

I'm fairly new to openbsd and I'm hoping someone with better
understanding than me of how its disk handling works can help.

Beginning my effort to encrypt a 300GB drive in a 64bit Ultrasparc,
I followed these initial steps:

1. used disklabel to create a single slice "a" on the drive

2. made a file system with newfs (is it necessary to have so many
   backup superblocks?)

3. mounted sd2a on "/home/cy" and touched it with an empty file
     "/home/cy/cryptfile"

4. zeroed out the file (and efectively the drive) with
     "dd if=/dev/zero of=/home/cy/cryptfile bs=512"


Here's the (eventual!) output of (4):

 /home/cy: write failed, file system is full
 dd: /home/cy/cryptfile: No space left on device
 576520353+0 records in
 576520352+0 records out
 295178420224 bytes transferred in 19810.722 secs (14899932 bytes/sec)



Now I have:

 # disklabel sd2a 
 # /dev/rsd2a:
 type: SCSI
 disk: SCSI disk
 label: MAW3300NC       
 flags: vendor
 bytes/sector: 512
 sectors/track: 930
 tracks/cylinder: 8
 sectors/cylinder: 7440
 cylinders: 13217
 total sectors: 585937500
 rpm: 10025
 interleave: 1
 boundstart: 0
 boundend: 585937500
 drivedata: 0 

 16 partitions:
 #                size           offset  fstype [fsize bsize  cpg]
   a:        585937200                0  4.2BSD   2048 16384    1 
   c:        585937500                0  unused


and:

 # ls -l /home/cy
 total 576661216
 -rw-r--r--  1 root  wheel  295178420224 Jun 16 03:39 cryptfile


and:

 # df -h
 Filesystem     Size    Used   Avail Capacity  Mounted on
 /dev/sd0a     1007M   44.8M    912M     5%    /
 /dev/sd0k      247G    2.0K    235G     0%    /home
 /dev/sd0d      3.9G    6.0K    3.7G     0%    /tmp
 /dev/sd0f      2.0G    559M    1.3G    29%    /usr
 /dev/sd0g     1007M    162M    795M    17%    /usr/X11R6
 /dev/sd0h      5.9G    212K    5.6G     0%    /usr/local
 /dev/sd0j      2.0G    2.0K    1.9G     0%    /usr/obj
 /dev/sd0i      2.0G    2.0K    1.9G     0%   ...
[ message continues ]

please don't cross post...

Harry Palmer wrote:

apparently, as root...



http://www.openbsd.org/faq/faq14.html#NegSpace


Nick.

[ message continues ]

You can zero the disk device directly but use bs=2m to speed it up or
use the file you've created as an encryption device with vnconfig.

There are a few ways of encrypting though.

Don't worry the -13G is perfectly normal.

275 * 0.05 = 13.75 ie 5% is reserved as root for stability and
important work, had you written the file as a normal user you would have
had 0 space left and be using 261Gs of 275.

Lookup up the faq or previous mails at marc.info as I'm sure the answer
is in both.

[ message continues ]

On Wed, 16 Jun 2010 22:46 +0100, "Kevin Chadwick"



Ok... thanks to all of you for very helpful and quick replies.

Also, apologies for not scouring the faq with sufficient tenacity - I've
printed it off for some joyous(?) future lunch hours at work.

And no more cross-posting if that's written in stone. In this case it
didn't seem unreasonable.

Thanks again chaps.

[ message continues ]

I've seen the greater than 100% full on a UFS? filesystem before when
you exceed the size of the filesystem.  There is space in the
filesystem for "lost+found" and all those superblocks? you were
complaining about that can get overwritten if you write too much to a
partition.

So setting up your "dd" to actually stop before you overfill the
filesystem is what you need to do. (using bs=# count=# ... info you
can get before you start initializing your file with the df command
without the "-k or -h" to get number of blocks and block size)

I'm sure the fine people on these lists will correct me if I'm wrong
in my assumptions...  :-)

George Morgan

[ message continues ]

Spoace for superblocks and other metadata is subtracted from available

You are wrong, there;s no such thing as overfilling a filesystem. It's
just the 5% reserved for root. An ordinary user runs out earlier. It's
in the FAQ. 



[ message continues ]

Sorry for the misinformation.  Thanks for the education.

George Morgan

[ message continues ]

Thanks for this independent advice. Looks like it works at the block
device level which must be better.

I must say that while the official openbsd documentation I've seen is
second to none, there seems to be relatively little information out
there on data encryption (compared to the biblical tombs on the subject
in the linux world). I tend to look through practiacal examples and
tutorials when I try something new, and the one I found for this was
three years old.

What I'm trying to acheive is to stripe a few of these 300GB disks
together and encrypt the resulting large volume.

I shall persevere - thanks again for your replies.

[ message continues ]

The OpenBSD culture is not one of HOWTOs. You'll have to read the

Easy enough, just create a softraid CRYPTO volume on top of a softraid
RAID-0 volume. Do keep good backups, including of the key you use.

		Joachim

[ message continues ]

I remember that I asked something similar a year ago and the answer was 
"rather don't do it" - is this still valid?
(creating a softraid crypto on top of softraid 0/1)

http://marc.info/?l=openbsd-misc&m=125139976027774

kind regards,
Robert

[ message continues ]

It may well be. Good catch.

		Joachim

[ message continues ]

The FAQ is just another word for HOWTOs.


# Han

[ message continues ]

On Fri, 18 Jun 2010 07:05 +0200, "Han Boetes" <han@mijncomputer.nl>

The FAQ is not a HOWTO.
It is much more than that.
The FAQ and man pages give you the information
you need to think for yourself.
If you can't think for yourself then OpenBSD is not for you.

[ message continues ]

search the internet and mailing lists or read the softraid, bioctl and 
associated man pages before stating there is a lack of information. a 
quick search of this mailing list for the terms "disk encryption" yields 
plenty of information:

http://marc.info/?l=openbsd-misc&w=2&r=1&s=disk+encryption&q=b

alternatively you could have made a google search for "openbsd disk 
encryption" and found


[ message continues ]

On Thu, 17 Jun 2010 06:28 -0500, "Jacob Yocom-Piatt"


I actually said a relative lack of information, but I take your point in
good spirit. Many thanks for the links, this is clearly a very helpful
community. Thanks all round.

[ message continues ]

Why don't you just use softraid(8)? No need for a filesystem, and this
particular use-case (encrypted disk) is in the EXAMPLES section of the

Again, why don't you work with the disk directly? Doing "dd if=/dev/zero
of=/dev/rsd0a conv=notrunc" would work fine. ("notrunc" is useful to
wipe the last bytes if you use a different blocksize - 512 is the

This is perfectly fine. newfs reserves, by default, 5% of all available
space for use by the root user only. This is useful in two ways: it
means root can squeeze a bit more data on the filesystem, and it
prevents the performance degradation that comes with completely filling
up a (ffs) filesystem.

What you are seeing is that the *entire* disk has been used, including
reserved space.

		Joachim

[ message continues ]