similar to: Data authentication for geli(8) committed to HEAD.

/usr/src/sys/modules/hifn/Makefile appears to need an update to make it same as HEAD. Same with ..modules/ubsec/Makefile. Patches: Index: Makefile =================================================================== RCS file: /home/ncvs/src/sys/modules/ubsec/Makefile,v retrieving revision 1.2.2.1 diff -u -r1.2.2.1 Makefile --- Makefile 21 Nov 2002 23:38:47 -0000 1.2.2.1 +++ Makefile 5 Jun 2003

Hi all, can someone comment on the state of the hifn(4) driver? I've recently upgraded my 6.2-STABLE workstation to RELENG_7, and I'm now experiencing system lockups that seem to be caused by the hifn(4) driver. I've got a Soekris vpn1401 card to help with GELI disk en- cryption. Reading from a GELI volume is causing the system to freeze completely, which does not happen if

Hi. I added possibility to use key files for encrypted provider which are attached on boot. Before only passphrase could be used. I also fixed the tasing code - before it sometimes stopped to taste providers too early, so it was possible that kernel didn't ask for the passphrase. If you had problems with this, you may want to try again. -- Pawel Jakub Dawidek

Hello, Just to let everyone know that this is still an issue. I am trying to install FreeBSD 9.0 amd64 on a Lenovo X121e and I can't get it to accept the geli passphrase during boot. I've confirmed using kern.geom.eli.visible_passphrase=1 that the passphrase is correct, and the same passphrase is accepted when the system is booted up. I've tried disabling kbdmux in

Speaking of GELI / GBDE. I was reading Marc's excellent paper on Complete harddrive encryption for FreeBSD using GBDE/GELI and the problem I have is it all depends on a bootable removable token that can by physically secured. While an excellent solution for laptop / desktop users it just doesn't work with a remote colo users. No way you can physically remove your unsecure boot token or

Hello, I was playing around with geli an gbde after last EuroBSDCon. I liked the idea of encrypting my data which resides in /home/$user. Since this is a "single" user laptop i intended to encrypt the whole /home partition. Well no problems with that. But i wanted the lockfile or keyfile on a seperate usb disc. Which would be mounted or used during boot of the system. I also used

I got roughly the same performance results when I use the openssl speed test with and without a hifn 7956 cryto card Here's what I did: After the card is plugged in, kldload hifn; kldload cryptodev; I got the message: hifn0 mem 0xfc8f0000-0xfc8f7ffff, 0xfc8f0000-0xfc8f7ffff, 0xfc8f0000-0xfc8f7ffff irg 28 at device 3.0 on pci1 hifn0: Hifn 7956, rev 0, 32KB dram, pll=0x800<pci clk, 4x

Hello, i want to encrypt my HDD's with GELI (not the root-fs, though). I want to do the encryption without password, just with a key. The key should be stored in a floppy disk, and the read should be read automatically on boot, from the floppy. There is a problem here, because GELI initializes _before_ mounting the disks from /etc/fstab (for obvious reasons, of course). So GELI is not able

Hi, Somehow[TM] an installation of 4.11 to ad0s3 managed to wipe out my existing disklabel for 7.0 on ad0s4. I now need to recover the disklabel to get my system to boot! There were three labels - ad0s4a: UFS, exact size unknown. Is it possible to infer this from the UFS partition size? I can mount this already, as I simply wrote an 'a' label of maximum size to the disklabel - ad0s4b:

Hello. I have been investigating a 'secure' Firefox solution. The cache, history and other files are kept on an encrypted slice and swap is encrypted also. The problem I am having is that I know the shell commands required to unmount /tmp, create providers with GELI with one-time keys, remount /tmp, activate swap etc. but I don't know the correct way to get this done automatically on

Hello, I'm using geli on laptop PC with only one HDD. Disk is divided into two slices, ad0s1 and ad0s2. Second slice (ad0s2) is encrypted with GEOM ELI using two-factor authentication - passphrase plus keyfile on USB drive. FreeBSD is installed on ad0s2.eli and first slice is not used by this system so let's say that I've got a full disk encryption. Now my question - is it safe

Hello out there, everybody! I was actually expecting to find several (hundred) threads with this subject being discussed. To my surprise I didn't find a single one either on these mailing lists or in the newsgroups - at least not in a language I understand. :-) I realize that gbde and geli are not designed to be better than the other but that both fit different needs and different tastes.

I was using a GELI partition for /usr/home on 7.0, so it attaches and mounts on boot. The problem is it stopped working after the system was upgraded to RELENG_7/7.1-PRERELEASE. Here's how it goes: I have the following /etc/fstab: /dev/ad0s1b none swap sw 0 0 /dev/ad0s1a / ufs rw 1 1 /dev/ad0s1d

I'm not really a developer, but was considering if there is a key vulnerability in geli given that when you change a key there isn't a disk update. Consider the scenario where a new file system is created and populated with some files. At a later time the original key is changed because someone has gained access to the key and passphrase. A new key is generated and attached, but none of

Hello! We are proudly announce that CerbNG-1.0 Release Candidate 2 is now avaliable. There are many changes from RC1 (many new functionalities, some bug fixes, new interesting policies, new regression tests and more). It seems that CerbNG is stable for now, so we hope that the next version is going to be final 1.0 series release. We count on feedback from FreeBSD community in founding bugs (if

Hello! We are proudly announce that CerbNG-1.0 Release Candidate 2 is now avaliable. There are many changes from RC1 (many new functionalities, some bug fixes, new interesting policies, new regression tests and more). It seems that CerbNG is stable for now, so we hope that the next version is going to be final 1.0 series release. We count on feedback from FreeBSD community in founding bugs (if

Hi All, I'm running stable from August 19/2003. I've got a few A7N8X-Deluxe boards. One Rev1.0 and two Rev2.0. While the 1.0 board works, the 2.0 boards lock up on boot during the uhub0 bus discovery. It's extremely frustrating :) ... While I can boot without the devices and attach them later, the devices ( logitech usb keyboard, logitech mouse, rio800, samsung CDMA adapter,

Rarely, a geli partition I have freezes a process in bufwait state. It occurs after an ATA timeout message: Aug 5 03:47:13 thor kernel: ad10: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=219028637 The geli partition resides on an Intel MatrixRAID RAID1 mirror using the ICH9R chipset (Asus P5K-E/WIFI). Killing (even -9) the process does not work. Rebooting is the only solution, yet the

I have a zpool that consists for a two-drive mirror. The two times I took the zpool offline, I had to resilver one of the drives (the same drive both times) when I imported it back. All drives in the pool show no read, write, or checksum errors and are new, so I'm looking to a software problem before hardware. Both drives are encrypted geli devices. I tried to reproduce the error with 1GB

Hi, Just got some of the new Soekris 1401 VPN cards based on the hifn 7955 chip. hifn0 mem 0xe8510000-0xe8517fff,0xe8518000-0xe8519fff,0xe851a000-0xe851afff irq 5 at device 0.0 on pci1 hifn0: Hifn 7955, rev 0, 32KB dram, 64 sessions vs hifn0 mem 0xeb902000-0xeb902fff,0xeb901000-0xeb901fff irq 10 at device 8.0 on pci0 hifn0: Hifn 7951, rev 0, 128KB sram, 193 sessions When it says "n