When using GELI with any data authentication algorithm (I tried HMAC/MD5 and HMAC/SHA256), geli fails even on first attach with messages like: GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 8192 Even if you dd the attached encrypted partition with random bytes or zeroes (forcing geli to "fix" the disk), the disk appear to work until you try to install Freebsd on it. The install will fail with kernel panic. Production release (RELENG-8.2) does not output any errors. How-To-Repeat: 1. Create VMWare virtual machine with one harddisk 2. Boot the 9.0 installation disk 3. When prompted for partition allocation, choose <<SHELL>> 4. create small partition on disk: # gpart create -s MBR da0 da0 created # gpart add -t freebsd -s 10M da0 da0s1 added 5. initialize geli on a partition using HMAC/MD5 authentication # geli init -v -b -e AES -l 256 -a HMAC/MD5 /dev/da0s1 Enter new passphrase: Reenter new passphrase: [skipping some output] Done. 6. Now try to attach # geli attach /dev/da0s1 Enter passphrase: GEOM_ELI: Device da0s1.eli created GEOM_ELI: Encryption: AES-XTS 256 GEOM_ELI: Integrity: HMAC/MD5 GEOM_ELI: Crypto: software GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 512. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 0. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 5240832. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 65536. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 8192. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 0. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 262144. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 65536. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 8192. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 0. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 262144. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 32768. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 0. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 1024. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 8192. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 65536. GEOM_ELI: da0s1.eli: 512 bytes corrupted at offset 0. 7. Some additional investigation. 7.1. Try to dd the "bad" disk in order to "fix" problems # dd if=/dev/random of=/dev/da0s1.eli [Skipping dd output] # geli detach /dev/da0s1.eli GEOM_ELI: Device da0s1.eli destroyed. # geli attach /dev/da0s1 Enter passphrase: GEOM_ELI: Device da0s1.eli created GEOM_ELI: Encryption: AES-XTS 256 GEOM_ELI: Integrity: HMAC/MD5 GEOM_ELI: Crypto: software no errors here, but if you try to install freebsd on the encrypted partition, it will fail with kernel panic (you need larger partition to try this, of course) 7.2. HMAC/SHA256 fails also 7.3. The same process with RELENG-8.2 works flawlessly
Responsible Changed From-To: freebsd-bugs->freebsd-geom Over to maintainer(s).
State Changed From-To: open->feedback Hash mismatch warnings on GELI provider that is not initialized (filled with, eg. random data) after configuring GELI authentication are expected and this is not a bug. FreeBSD panicing during install sounds like a real problem, but has nothing to do with the warnings you saw. Please provide at least backtrace for the panic for starters.
Responsible Changed From-To: freebsd-geom->pjd I'll take this one.
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped