DaemonForums  

  #1   (View Single Post)  
Old 14th November 2022
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 175
Default Using vnd as keydisk for bioctl?

Hi.
Is it possible to use a vnd(4) as a keydisk for bioctl(8)?
(The encrypted disk mounts correctly on /mnt/xyz with one keydisk.)

My attempt:
Code:
$ doas dd if=/dev/zero of=disk.img bs=1g count=1

$ doas vnconfig disk.img 
vnd0

$ doas disklabel -E /dev/vnd0c
Label editor (enter '?' for help at any prompt)
/dev/vnd0c> p g
OpenBSD area: 0-2097152; size: 1.0G; free: 1.0G
#                size           offset  fstype [fsize bsize   cpg]
  c:             1.0G                0  unused                    
/dev/vnd0c> a a
offset: [0] 
size: [2097152] 
FS type: [4.2BSD] RAID
/dev/vnd0c*> w
/dev/vnd0c> q
No label changes.

$ doas dd bs=8192 seek=1 if=bckp.k.img of=/dev/rvnd0a
110914+0 records in
110914+0 records out
908607488 bytes transferred in 80.264 secs (11320180 bytes/sec)

$ doas bioctl -c C -k vnd0a -l 892fc22d89c0ff24.a softraid0
Nov 14 14:43:48 srvr /bsd: softraid0: vnd0a is not a key disk

Error of reasoning, or really not possible?
__________________
GPG:Fingerprint ed25519 : 072A 4DA2 8AFD 868D 74CF 9EA2 B85E 9ADA C377 5E8E
GPG:Fingerprint rsa4096 : 4E0D 4AF7 77F5 0FAE A35D 5B62 D0FF 7361 59BF 1733

Last edited by CiotBSD; 14th November 2022 at 04:25 PM.
  #2   (View Single Post)  
Old 14th November 2022
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,840
Default

I am able to use a vnd(4) device as a bioctl(8) keydisk, as follows:
  • Create the backing store with vmctl(8)
  • Create the disklabel partition, type RAID
  • Name the partition in a bioctl(8) -c C command as a -k option.
I did not attempt to overlay any data in the key device.

Edited to add my example:
Code:
# vmctl create -s 1g /tmp/key.disk
vmctl: raw imagefile created
# vmctl create -s 5g /tmp/encrypt.disk
vmctl: raw imagefile created
# vnconfig vnd0 /tmp/key.disk
# vnconfig vnd1 /tmp/encrypt.disk
# disklabel -E vnd0
Label editor (enter '?' for help at any prompt)
vnd0> a a
offset: [0]
size: [2097152]
FS type: [4.2BSD] raid
vnd0*> w
vnd0> q
No label changes.
# disklabel -E vnd1
Label editor (enter '?' for help at any prompt)
vnd1> a a
offset: [0]
size: [10485760]
FS type: [4.2BSD] raid
vnd1*> w
vnd1> q
No label changes.
# bioctl -c C -k /dev/vnd0a -l /dev/vnd1a softraid0
softraid0: CRYPTO volume attached as sd2
#

Last edited by jggimi; 14th November 2022 at 04:25 PM.
  #3   (View Single Post)  
Old 14th November 2022
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 175
Default

vmctl? plz, explain.
  #4   (View Single Post)  
Old 14th November 2022
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,840
Default

The vmctl(8) command used to manage hypervisor guests has a "create" option which creates sparse files.

I have added my console output to my response above, where you can see I used the vmctl(8) command to create the backing storage for a 1 GB key disk and a 5 GB encrypted disk.
  #5   (View Single Post)  
Old 14th November 2022
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 175
Default

OK, in your example, you initiate softraid with the virtual disk created by vmctl. I understand.
(same process as using dd)

But in the use case where the softraid was created with a keydisk and backed up, how can I use the backup as a virtual disk?
  #6   (View Single Post)  
Old 14th November 2022
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,840
Default

I just tested backup and recovery of the key partition using dd(1). Works fine. To keep it manageable I used a small, 5MB key disk.
Code:
# # create disks:
# vmctl create -s 5m /tmp/key.disk
vmctl: raw imagefile created
# vmctl create -s 5g /tmp/encrypted.disk
vmctl: raw imagefile created
# vnconfig vnd0 /tmp/key.disk
# vnconfig vnd1 /tmp/encrypted.disk
# disklabel -E vnd0
Label editor (enter '?' for help at any prompt)
vnd0> a a
offset: [0]
size: [10240]
FS type: [4.2BSD] raid
vnd0*> w
vnd0> q
No label changes.
# disklabel -E vnd1
Label editor (enter '?' for help at any prompt)
vnd1> a a
offset: [0]
size: [10485760]
FS type: [4.2BSD] raid
vnd1*> w
vnd1> q
No label changes.
# # create softraid disk:
# bioctl -c C -k /dev/vnd0a -l /dev/vnd1a softraid0
softraid0: CRYPTO volume attached as sd2
# disklabel -E sd2
Label editor (enter '?' for help at any prompt)
sd2> a a
offset: [0]
size: [10485232]
FS type: [4.2BSD]
sd2*> w
sd2> q
No label changes.
# newfs sd2a
/dev/rsd2a: 5119.7MB in 10485216 sectors of 512 bytes
26 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
super-block backups (for fsck -b #) at:
 160, 414880, 829600, 1244320, 1659040, 2073760, 2488480, 2903200, 3317920, 3732640, 4147360, 4562080, 4976800,
 5391520, 5806240, 6220960, 6635680, 7050400, 7465120, 7879840, 8294560, 8709280, 9124000, 9538720, 9953440,
 10368160,
# mount /dev/sd2a /mnt
# echo this is a test file > /mnt/test.file
# umount /mnt
# # detach softraid drive and back up key disk:
# bioctl -d sd2
# dd if=/dev/rvnd0a of=/tmp/key.disk.dd.backup
10240+0 records in
10240+0 records out
5242880 bytes transferred in 0.342 secs (15329018 bytes/sec)
# # test recovery with a new key drive:
# vmctl create -s 5m /tmp/new.key.disk
vmctl: raw imagefile created
# vnconfig vnd2 /tmp/new.key.disk
# disklabel -E vnd2
Label editor (enter '?' for help at any prompt)
vnd2> a a
offset: [0]
size: [10240]
FS type: [4.2BSD] raid
vnd2*> w
vnd2> q
No label changes.
# dd if=/tmp/key.disk.dd.backup of=/dev/rvnd2a
10240+0 records in
10240+0 records out
5242880 bytes transferred in 4.678 secs (1120655 bytes/sec)
# bioctl -c C -k /dev/vnd2a -l /dev/vnd1a softraid0
softraid0: CRYPTO volume attached as sd2
# mount /dev/sd2a /mnt
# cat /mnt/test.file
this is a test file
#
  #7   (View Single Post)  
Old 16th November 2022
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 175
Default

@jggimi: thanks.
But I don't know why, this does not work in my use case (perhaps because I use an encrypted HD).
  #8   (View Single Post)  
Old 17th November 2022
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,840
Default

Please note that my backup and restore were of the keydisk partition (backup from: /dev/rvnd0a, restore to: /dev/rvnd2a), only, and were not of the entire drive.

Last edited by jggimi; 17th November 2022 at 02:06 AM. Reason: clarity
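
A check that can follow either restore shown in this thread (added example, not part of any post): the hypothetical helper `verify_keydisk_restore` reads back the region a `dd` restore wrote and compares it with the backup image, taking the byte offset as `bs` times `seek` (8192 for the command in the first post, 0 for the restore in post #6). The demo runs on constructed ordinary files standing in for the raw vnd partitions.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that the region a dd restore
# wrote on the new key partition is byte-identical to the backup image.
# Usage: verify_keydisk_restore BACKUP TARGET [OFFSET_BYTES]
#   OFFSET_BYTES is bs * seek of the restoring dd (0 if no seek= was used).
# Returns 0 if identical, 1 if different or target too short, 2 on bad input.
verify_keydisk_restore() {
    backup=$1; target=$2; offset=${3:-0}
    [ -r "$backup" ] && [ -r "$target" ] || { echo "unreadable input" >&2; return 2; }
    size=$(wc -c < "$backup" | tr -d ' ')
    # Raw devices are read in whole 512-byte sectors, so require alignment.
    if [ "$size" -eq 0 ] || [ $((size % 512)) -ne 0 ] || [ $((offset % 512)) -ne 0 ]; then
        echo "backup must be non-empty; size and offset must be multiples of 512" >&2
        return 2
    fi
    bs=512
    if [ $((size % 8192)) -eq 0 ] && [ $((offset % 8192)) -eq 0 ]; then
        bs=8192    # faster reads when everything is 8 KB aligned
    fi
    # Read exactly the backup's length from the target and compare silently.
    dd if="$target" bs="$bs" skip=$((offset / bs)) count=$((size / bs)) 2>/dev/null |
        cmp -s - "$backup"
}

# Constructed demo: ordinary files stand in for /dev/rvndNa partitions.
demo() {
    d=$(mktemp -d) || return 2
    dd if=/dev/zero bs=512 count=32 2>/dev/null | tr '\000' 'K' > "$d/backup"
    dd if=/dev/zero of="$d/part" bs=512 count=128 2>/dev/null
    # Restore the backup at byte offset 8192, as a seek=1 bs=8192 dd would.
    dd if="$d/backup" of="$d/part" bs=8192 seek=1 conv=notrunc 2>/dev/null
    for off in 8192 0; do
        if verify_keydisk_restore "$d/backup" "$d/part" "$off"; then
            echo "offset $off: identical"
        else
            echo "offset $off: differs"
        fi
    done
    rm -rf "$d"
}

demo
```

On OpenBSD the target would be the raw partition, for example `verify_keydisk_restore /tmp/key.disk.dd.backup /dev/rvnd2a` for the restore in post #6.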

Tags
bioctl, openbsd, vnd
