Hi there. I'm fairly new to openbsd and I'm hoping someone with better understanding than me of how its disk handling works can help. Beginning my effort to encrypt a 300GB drive in a 64bit Ultrasparc, I followed these initial steps: 1. used disklabel to create a single slice "a" on the drive 2. made a file system with newfs (is it necessary to have so many backup superblocks?) 3. mounted sd2a on "/home/cy" and touched it with an empty file "/home/cy/cryptfile" 4. zeroed out the file (and efectively the drive) with "dd if=/dev/zero of=/home/cy/cryptfile bs=512" Here's the (eventual!) output of (4): /home/cy: write failed, file system is full dd: /home/cy/cryptfile: No space left on device 576520353+0 records in 576520352+0 records out 295178420224 bytes transferred in 19810.722 secs (14899932 bytes/sec) Now I have: # disklabel sd2a # /dev/rsd2a: type: SCSI disk: SCSI disk label: MAW3300NC flags: vendor bytes/sector: 512 sectors/track: 930 tracks/cylinder: 8 sectors/cylinder: 7440 cylinders: 13217 total sectors: 585937500 rpm: 10025 interleave: 1 boundstart: 0 boundend: 585937500 drivedata: 0 16 partitions: # size offset fstype [fsize bsize cpg] a: 585937200 0 4.2BSD 2048 16384 1 c: 585937500 0 unused and: # ls -l /home/cy total 576661216 -rw-r--r-- 1 root wheel 295178420224 Jun 16 03:39 cryptfile and: # df -h Filesystem Size Used Avail Capacity Mounted on /dev/sd0a 1007M 44.8M 912M 5% / /dev/sd0k 247G 2.0K 235G 0% /home /dev/sd0d 3.9G 6.0K 3.7G 0% /tmp /dev/sd0f 2.0G 559M 1.3G 29% /usr /dev/sd0g 1007M 162M 795M 17% /usr/X11R6 /dev/sd0h 5.9G 212K 5.6G 0% /usr/local /dev/sd0j 2.0G 2.0K 1.9G 0% /usr/obj /dev/sd0i 2.0G 2.0K 1.9G 0% ...
You can zero the disk device directly but use bs=2m to speed it up or use the file you've created as an encryption device with vnconfig. There are a few ways of encrypting though. Don't worry the -13G is perfectly normal. 275 * 0.05 = 13.75 ie 5% is reserved as root for stability and important work, had you written the file as a normal user you would have had 0 space left and be using 261Gs of 275. Lookup up the faq or previous mails at marc.info as I'm sure the answer is in both.
On Wed, 16 Jun 2010 22:46 +0100, "Kevin Chadwick" Ok... thanks to all of you for very helpful and quick replies. Also, apologies for not scouring the faq with sufficient tenacity - I've printed it off for some joyous(?) future lunch hours at work. And no more cross-posting if that's written in stone. In this case it didn't seem unreasonable. Thanks again chaps.
I've seen the greater than 100% full on a UFS? filesystem before when you exceed the size of the filesystem. There is space in the filesystem for "lost+found" and all those superblocks? you were complaining about that can get overwritten if you write too much to a partition. So setting up your "dd" to actually stop before you overfill the filesystem is what you need to do. (using bs=# count=# ... info you can get before you start initializing your file with the df command without the "-k or -h" to get number of blocks and block size) I'm sure the fine people on these lists will correct me if I'm wrong in my assumptions... :-) George Morgan
Spoace for superblocks and other metadata is subtracted from available You are wrong, there;s no such thing as overfilling a filesystem. It's just the 5% reserved for root. An ordinary user runs out earlier. It's in the FAQ.
Sorry for the misinformation. Thanks for the education. George Morgan
Thanks for this independent advice. Looks like it works at the block device level which must be better. I must say that while the official openbsd documentation I've seen is second to none, there seems to be relatively little information out there on data encryption (compared to the biblical tombs on the subject in the linux world). I tend to look through practiacal examples and tutorials when I try something new, and the one I found for this was three years old. What I'm trying to acheive is to stripe a few of these 300GB disks together and encrypt the resulting large volume. I shall persevere - thanks again for your replies.
The OpenBSD culture is not one of HOWTOs. You'll have to read the Easy enough, just create a softraid CRYPTO volume on top of a softraid RAID-0 volume. Do keep good backups, including of the key you use. Joachim
I remember that I asked something similar a year ago and the answer was "rather don't do it" - is this still valid? (creating a softraid crypto on top of softraid 0/1) http://marc.info/?l=openbsd-misc&m=125139976027774 kind regards, Robert
It may well be. Good catch. Joachim
The FAQ is just another word for HOWTOs. # Han
On Fri, 18 Jun 2010 07:05 +0200, "Han Boetes" <firstname.lastname@example.org> The FAQ is not a HOWTO. It is much more than that. The FAQ and man pages give you the information you need to think for yourself. If you can't think for yourself then OpenBSD is not for you.
search the internet and mailing lists or read the softraid, bioctl and associated man pages before stating there is a lack of information. a quick search of this mailing list for the terms "disk encryption" yields plenty of information: http://marc.info/?l=openbsd-misc&w=2&r=1&s=disk+encryption&q=b alternatively you could have made a google search for "openbsd disk encryption" and found
On Thu, 17 Jun 2010 06:28 -0500, "Jacob Yocom-Piatt" I actually said a relative lack of information, but I take your point in good spirit. Many thanks for the links, this is clearly a very helpful community. Thanks all round.
Why don't you just use softraid(8)? No need for a filesystem, and this particular use-case (encrypted disk) is in the EXAMPLES section of the Again, why don't you work with the disk directly? Doing "dd if=/dev/zero of=/dev/rsd0a conv=notrunc" would work fine. ("notrunc" is useful to wipe the last bytes if you use a different blocksize - 512 is the This is perfectly fine. newfs reserves, by default, 5% of all available space for use by the root user only. This is useful in two ways: it means root can squeeze a bit more data on the filesystem, and it prevents the performance degradation that comes with completely filling up a (ffs) filesystem. What you are seeing is that the *entire* disk has been used, including reserved space. Joachim
|Rusty Russell||Re: 2.6.22-rc3-mm1|
|Gautham R Shenoy||[PATCH 1/8] Enhance process freezer interface for usage beyond software suspend|
|Jeffrey V. Merkey||Re: Versioning file system|
|James Bottomley||Re: [PATCH -mm 1/2] scsi: remove dma_is_consistent usage in 53c700|
|David Miller||Re: NO_HZ: timer interrupt stuck|
|Oliver Kullmann||Re: how to move with history?|
|Junio C Hamano||Re: [PATCH 2/3] git-add--interactive: remove hunk coalescing|
|Miles Bader||Re: way to automatically add untracked files?|
|Harvey Harrison||Re: [SoC RFC] libsvn-fs-git: A git backend for the subversion filesystem|
|Alex Riesen||Re: git exclude patterns for directory|
|Linux Kernel Mailing List||V4L/DVB: tm6000: add special usb request to quit i2c tuner transfer|
|Linux Kernel Mailing List||OMAP: DSS2: SDI driver|
|Linux Kernel Mailing List||PCI: introduce pci_pcie_cap()|
|Linux Kernel Mailing List||netfilter: nf_conntrack_sip: add T.38 FAX support|
|Linux Kernel Mailing List||drivers/acpi: use kasprintf|
|Timo Teräs||ip xfrm policy semantics|
|David Miller||Re: [2.6.30-rc3] powerpc: compilation error of mace module|
|Patrick McHardy||Re: [rfc 02/13] [RFC 02/13] netfilter: nf_conntrack_sip: Add callid parser|
|Krzysztof Oledzki||Re: Error: an inet prefix is expected rather than "0/0".|
|Ted Bullock||Re: Proliant DL380 G3 cannot get on network|
|Úlfar M. E. Johnson||installing openbsd in xen|
|Eric Furman||Re: Defending OpenBSD Performance|
|Damien Miller||Re: Patching a SSH 'Weakness'|
|frantisek holop||Re: mount ffs as msdos, system hangs|