DaemonForums  

#1 Sunnz, 23rd September 2009
softraid encryption

I have been using vnconfig for disk encryption, but I am aware that softraid has been the new thing for some years, so I decided to try it in a virtual machine before actually using it on my real system. (Is it still "new" or am I just slow?)

Anyway, I was able to have encrypted disks (sd1, sd2) created from partitions (sd0j, sd0k) and all is good.

I got some n00bish questions though... I haven't really used raid before...

What is softraid0? Is it just a controller of some kind? I was able to make 2 encrypted volumes both using softraid0 (bioctl -c C -l /dev/sd0j softraid0; bioctl -c C -l /dev/sd0k softraid0; ) but I heard that you can have more... (like softraid1, 2, etc...) but why? Is there a limit or something?

How do I "undo" an encrypted volume? Say I did bioctl -c C -l /dev/sd0j softraid0; and sd0 appears but I want to undo that... is this just something you don't do with a RAID configuration?

Lastly, is there a way to create an encrypted volume using a file? Like with vnconfig you can create a sparse disk image as a file like /img/disk.img that has a capacity of 10 GB but only takes up as much disk space as the file inside takes... I have tried to do something like,

mount_vnd /img/test.img svnd0 #no encryption
fdisk -i svnd0
disklabel -E svnd0 # svnd0a is RAID
bioctl -c C -l /dev/svnd0a softraid0
##kernel panic##
__________________
She sells C shells by the seashore.

#2 jggimi, 23rd September 2009

Quote:
Originally Posted by Sunnz
... I haven't really used raid before...
Stop right there. RAID has nothing to do with cryptographics. The softraid(4) driver can do some things which provide software RAID capability, and it can also conduct cryptographics.
RAID stands for Redundant Array of Inexpensive Disks, or Redundant Array of Independent Disks. It was devised at the University of California, Berkeley. As initially conceived, there were a number of different methodologies devised, and assigned a series of different numbers, such as RAID 1 (mirroring) or RAID 5 (parity data interspersed with user data). This even included something they called RAID 0, which has no redundancy capability at all, and should have been called "AID" instead of "RAID". See http://en.wikipedia.org/wiki/RAID for details.

Quote:
What is softraid0? Is it just a controller of some kind?
A driver. See above.

Quote:
I was able to make 2 encrypted volumes both using softraid0 (bioctl -c C -l /dev/sd0j softraid0; bioctl -c C -l /dev/sd0k softraid0; ) but I heard that you can have more... (like softraid1, 2, etc...) but why? Is there a limit or something?
Only one softraid pseudo device is defined in /usr/src/sys/conf/GENERIC. There should be no need for additional softraid devices. The softraid(4) man page is the definitive place to go for understanding.

Quote:
How do I "undo" an encrypted volume? Say I did bioctl -c C -l /dev/sd0j softraid0; and sd0 appears but I want to undo that... is this just something you don't do with a RAID configuration?
Per the bioctl(8) man page, see the "-d" option. The sd device will be deleted, and the unencrypted data will no longer be available to the OS.

Quote:
Lastly is there a way to create an encrypted volume using a file? ...
No. Please read the bioctl(8) man page. A -device- is required.

#3 BSDfan666, 23rd September 2009

But yeah, softraid(4) is supposed to be a better replacement for the RAIDframe driver, with a uniform set of utilities shared between it and hardware RAID drivers (..bio(4)/bioctl(8)).

EDIT: I had erroneously stated that RAID0 was equal to JBOD, this was wrong.. apologies.

Last edited by BSDfan666; 23rd September 2009 at 06:53 PM.

#4 jggimi, 23rd September 2009

Eventually, BSDfan. We have different opinions about the state of softraid(4);

#5 BSDfan666, 23rd September 2009

My opinions are based solely on speculation, I don't use disk arrays.. so I concede to your experiences on the matter.

#6 Sunnz, 24th September 2009

Quote:
Originally Posted by jggimi
Stop right there. RAID has nothing to do with cryptographics.
I know, I thought I mentioned that I am not experienced with RAID though.

Quote:
Only one softraid pseudo device is defined in /usr/src/sys/conf/GENERIC. There should be no need for additional softraid devices. The softraid(4) man page is the definitive place to go for understanding.
I see.

Quote:
Per the bioctl(8) man page, see the "-d" option. The sd device will be deleted, and the unencrypted data will no longer be available to the OS.
Oh yes I was reading both man pages over and over again, I was doing it wrong... I did something like bioctl -d softraid0 and bioctl -d -l /dev/sd0j softraid0... no, it is just bioctl -d sd1 which works now, what was I thinking!!

Quote:
No. Please read the bioctl(8) man page. A -device- is required.
Ok I read them again more carefully and thoroughly. Thanks for the help.
__________________
She sells C shells by the seashore.
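
The detach step worked out in post #6 above, as an added example that is not part of the thread: an sh wrapper that accepts only the volume's sd name (sd1), rejects the controller (softraid0) or the chunk (/dev/sd0j), and refuses while a partition of the volume is still mounted. The function names, the DRY_RUN switch and the mount check are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical.
# Set DRY_RUN=1 to print the bioctl command instead of running it.

# A softraid volume appears as a whole sd(4) disk: sd1, sd2, ...
is_volume() {
    printf '%s\n' "$1" | grep -Eq '^sd[0-9]+$'
}

# Name the two wrong targets tried in post #6.
explain_target() {
    case "$1" in
        softraid*)            echo "controller, not a volume" ;;
        /dev/*|sd[0-9]*[a-p]) echo "chunk partition, not the volume built on it" ;;
        *)                    echo "unrecognised name" ;;
    esac
}

# Read mount(8) output on stdin; print mount points of partitions on volume $1.
mounted_on() {
    awk -v dev="/dev/$1" '$1 ~ ("^" dev "[a-p]$") { print $3 }'
}

# Detach volume $1 with "bioctl -d", the form that worked in the thread.
safe_detach() {
    vol=$1
    if ! is_volume "$vol"; then
        echo "refusing '$vol': $(explain_target "$vol"); pass e.g. sd1" >&2
        return 2
    fi
    # Precaution added by this example: do not detach under a live filesystem.
    busy=$(mount | mounted_on "$vol")
    if [ -n "$busy" ]; then
        echo "refusing: $vol is still mounted on $busy" >&2
        return 3
    fi
    ${DRY_RUN:+echo} bioctl -d "$vol"
}
```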

#7 ocicat, 24th September 2009

Quote:
Originally Posted by Sunnz
Ok I read them again more carefully and thoroughly.
It would also be worth your time searching through the misc@ archives for related information. I recall that Marco Peereboom has stepped a few people through configuration issues within the last year.