1 .\" Copyright (c) 2005-2011 Pawel Jakub Dawidek <pawel@dawidek.net>
2 .\" All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd "control utility for the cryptographic GEOM class"
34 To compile GEOM_ELI into your kernel, add the following lines to your kernel
36 .Bd -ragged -offset indent
38 .Cd "options GEOM_ELI"
41 Alternatively, to load the GEOM_ELI module at boot time, add the following line
44 .Bd -literal -offset indent
56 .Op Fl B Ar backupfile
58 .Op Fl i Ar iterations
59 .Op Fl J Ar newpassfile
60 .Op Fl K Ar newkeyfile
62 .Op Fl s Ar sectorsize
66 .Cm label - an alias for
80 .Cm stop - an alias for
88 .Op Fl s Ar sectorsize
97 .Op Fl i Ar iterations
99 .Op Fl J Ar newpassfile
101 .Op Fl K Ar newkeyfile
160 utility is used to configure encryption on GEOM providers.
162 The following is a list of the most important features:
164 .Bl -bullet -offset indent -compact
168 framework, so when there is crypto hardware available,
170 will make use of it automatically.
172 Supports many cryptographic algorithms (currently
180 Can optionally perform data authentication (integrity verification) utilizing
181 one of the following algorithms:
190 Can create a User Key from up to two, piecewise components: a passphrase
191 entered via prompt or read from one or more passfiles; a keyfile read from
194 Allows encryption of the root partition.
195 The user will be asked for the
196 passphrase before the root file system is mounted.
198 Strengthens the passphrase component of the User Key with:
201 .%T "PKCS #5: Password-Based Cryptography Specification, Version 2.0."
206 Allows the use of two independent User Keys (e.g., a
209 .Qq "company key" ) .
213 performs simple sector-to-sector encryption.
215 Allows the encrypted Master Key to be backed up and restored,
216 so that if a user has to quickly destroy key material,
217 it is possible to get the data back by restoring keys from
220 Providers can be configured to automatically detach on last close
221 (so users do not have to remember to detach providers after unmounting
224 Allows attaching a provider with a random, one-time Master Key -
225 useful for swap partitions and temporary file systems.
227 Allows verification of data integrity (data authentication).
229 Allows suspending and resuming encrypted devices.
232 The first argument to
234 indicates an action to be performed:
235 .Bl -tag -width ".Cm configure"
237 Initialize the provider which needs to be encrypted.
238 Here you can set up the cryptographic algorithm to use, Data Key length,
240 The last sector of the provider is used to store metadata.
243 subcommand also automatically writes metadata backups to
244 .Pa /var/backups/<prov>.eli
246 The metadata can be recovered with the
248 subcommand described below.
250 Additional options include:
251 .Bl -tag -width ".Fl J Ar newpassfile"
253 Enable data integrity verification (authentication) using the given algorithm.
254 This will reduce the size of storage available and also reduce speed.
255 For example, when using 4096 bytes sector and
257 algorithm, 89% of the original provider storage will be available for use.
258 Currently supported algorithms are:
266 If the option is not given, there will be no authentication, only encryption.
267 The recommended algorithm is
270 Try to decrypt this partition during boot, before the root partition is mounted.
271 This makes it possible to use an encrypted root partition.
272 One will still need bootable unencrypted storage with a
274 directory, which can be a CD-ROM disc or USB pen-drive, that can be removed
276 .It Fl B Ar backupfile
277 File name to use for metadata backup instead of the default
278 .Pa /var/backups/<prov>.eli .
279 To inhibit backups, you can use
284 When entering the passphrase to boot from this encrypted root filesystem, echo
287 This makes the length of the passphrase visible.
289 Encryption algorithm to use.
290 Currently supported algorithms are:
298 The default and recommended algorithm is
303 Enable booting from this encrypted root filesystem.
304 The boot loader prompts for the passphrase and loads
306 from the encrypted partition.
307 .It Fl i Ar iterations
308 Number of iterations to use with PKCS#5v2 when processing User Key
309 passphrase component.
310 If this option is not specified,
312 will find the number of iterations which is equal to 2 seconds of crypto work.
313 If 0 is given, PKCS#5v2 will not be used.
314 PKCS#5v2 processing is performed once, after all parts of the passphrase
315 component have been read.
316 .It Fl J Ar newpassfile
317 Specifies a file which contains the passphrase component of the User Key
321 is given as -, standard input will be used.
322 Only the first line (excluding new-line character) is taken from the given file.
323 This argument can be specified multiple times, which has the effect of
324 reassembling a single passphrase split across multiple files.
325 Cannot be combined with the
328 .It Fl K Ar newkeyfile
329 Specifies a file which contains the keyfile component of the User Key
333 is given as -, standard input will be used.
334 This argument can be specified multiple times, which has the effect of
335 reassembling a single keyfile split across multiple keyfile parts.
337 Data Key length to use with the given cryptographic algorithm.
338 If the length is not specified, the selected algorithm uses its
341 .Bl -ohang -offset indent
345 .It Nm AES-CBC , Nm Camellia-CBC
351 + n * 32, for n=[0..10]
356 Do not use a passphrase as a component of the User Key.
357 Cannot be combined with the
360 .It Fl s Ar sectorsize
361 Change decrypted provider's sector size.
362 Increasing the sector size allows increased performance,
363 because encryption/decryption which requires an initialization vector
364 is done per sector; fewer sectors means less computational work.
368 calls (i.e., TRIM/UNMAP).
369 This can prevent an attacker from knowing how much space you're actually
370 using and which sectors contain live data, but will also prevent the
371 backing store (SSD, etc) from reclaiming space you're not using, which
372 may degrade its performance and lifespan.
373 The underlying provider may or may not actually obliterate the deleted
374 sectors when TRIM is enabled, so it should not be considered to add any
377 Metadata version to use.
378 This option is helpful when creating a provider that may be used by older
383 section to find which metadata version is supported by which FreeBSD version.
384 Note that using an older version of metadata may limit the number of
388 Attach the given provider.
389 The encrypted Master Key will be loaded from the metadata and decrypted
390 using the given passphrase/keyfile and a new GEOM provider will be created
391 using the given provider's name with an
395 Additional options include:
396 .Bl -tag -width ".Fl j Ar passfile"
398 Do a dry-run decryption.
399 This is useful to verify passphrase and keyfile without decrypting the device.
401 If specified, a decrypted provider will be detached automatically on last close.
402 This can help with scarce memory so the user does not have to remember to detach the
403 provider after unmounting the file system.
404 It only works when the provider was opened for writing, so it will not work if
405 the file system on the provider is mounted read-only.
406 Probably a better choice is the
412 Specifies the index number of the Master Key copy to use (could be 0 or 1).
413 If the index number is not provided all keys will be tested.
415 Specifies a file which contains the passphrase component of the User Key
417 For more information see the description of the
423 Specifies a file which contains the keyfile component of the User Key
425 For more information see the description of the
431 Do not use a passphrase as a component of the User Key.
432 Cannot be combined with the
436 Attach read-only provider.
437 It will not be opened for writing.
440 Detach the given providers, which means remove the devfs entry
441 and clear the Master Key and Data Keys from memory.
443 Additional options include:
444 .Bl -tag -width ".Fl f"
446 Force detach - detach even if the provider is open.
448 Mark provider to detach on last close.
449 If this option is specified, the provider will not be detached
450 while it is open, but will be automatically detached when it is closed for the
451 last time even if it was only opened for reading.
454 Attach the given providers with a random, one-time (ephemeral) Master Key.
455 The command can be used to encrypt swap partitions or temporary file systems.
457 Additional options include:
458 .Bl -tag -width ".Fl a Ar sectorsize"
460 Enable data integrity verification (authentication).
461 For more information, see the description of the
465 Encryption algorithm to use.
466 For more information, see the description of the
470 Detach on last close.
471 Note: this option is not usable for temporary file systems as the provider will
472 be detached after creating the file system on it.
473 It still can (and should be) used for swap partitions.
474 For more information, see the description of the
478 Data Key length to use with the given cryptographic algorithm.
479 For more information, see the description of the
482 .It Fl s Ar sectorsize
483 Change decrypted provider's sector size.
484 For more information, see the description of the
488 Disable TRIM/UNMAP passthru.
489 For more information, see the description of the
494 Change configuration of the given providers.
496 Additional options include:
497 .Bl -tag -width ".Fl b"
499 Set the BOOT flag on the given providers.
500 For more information, see the description of the
504 Remove the BOOT flag from the given providers.
506 When entering the passphrase to boot from this encrypted root filesystem, echo
509 This makes the length of the passphrase visible.
511 Disable echoing of any characters when a passphrase is entered to boot from this
512 encrypted root filesystem.
513 This hides the passphrase length.
515 Enable booting from this encrypted root filesystem.
516 The boot loader prompts for the passphrase and loads
518 from the encrypted partition.
520 Deactivate booting from this encrypted root partition.
522 Enable TRIM/UNMAP passthru.
523 For more information, see the description of the
527 Disable TRIM/UNMAP passthru.
530 Install a copy of the Master Key into the selected slot, encrypted with
532 If the selected slot is populated, replace the existing copy.
533 A provider has one Master Key, which can be stored in one or both slots,
534 each encrypted with an independent User Key.
537 subcommand, only key number 0 is initialized.
538 The User Key can be changed at any time: for an attached provider,
539 for a detached provider, or on the backup file.
540 When a provider is attached, the user does not have to provide
541 an existing passphrase/keyfile.
543 Additional options include:
544 .Bl -tag -width ".Fl J Ar newpassfile"
545 .It Fl i Ar iterations
546 Number of iterations to use with PKCS#5v2.
547 If 0 is given, PKCS#5v2 will not be used.
548 To be able to use this option with the
550 subcommand, only one key has to be defined and this key must be changed.
552 Specifies a file which contains the passphrase component of a current User Key
554 .It Fl J Ar newpassfile
555 Specifies a file which contains the passphrase component of the new User Key
558 Specifies a file which contains the keyfile component of a current User Key
560 .It Fl K Ar newkeyfile
561 Specifies a file which contains the keyfile component of the new User Key
564 Specifies the index number of the Master Key copy to change (could be 0 or 1).
565 If the provider is attached and no key number is given, the key
566 used for attaching the provider will be changed.
567 If the provider is detached (or we are operating on a backup file)
568 and no key number is given, the first Master Key copy to be successfully
569 decrypted with the provided User Key passphrase/keyfile will be changed.
571 Do not use a passphrase as a component of the current User Key.
572 Cannot be combined with the
576 Do not use a passphrase as a component of the new User Key.
577 Cannot be combined with the
582 Destroy (overwrite with random data) the selected Master Key copy.
583 If one is destroying keys for an attached provider, the provider
584 will not be detached even if all copies of the Master Key are destroyed.
585 It can even be rescued with the
587 subcommand because the Master Key is still in memory.
589 Additional options include:
590 .Bl -tag -width ".Fl a Ar keyno"
592 Destroy all copies of the Master Key (does not need
596 Force key destruction.
597 This option is needed to destroy the last copy of the Master Key.
599 Specifies the index number of the Master Key copy.
600 If the provider is attached and no key number is given, the key
601 used for attaching the provider will be destroyed.
602 If provider is detached (or we are operating on a backup file) the key number
606 This command should be used only in emergency situations.
607 It will destroy all copies of the Master Key on a given provider and will
608 detach it forcibly (if it is attached).
609 This is absolutely a one-way command - if you do not have a metadata
610 backup, your data is gone for good.
611 In case the provider was attached with the
613 flag, the keys will not be destroyed, only the provider will be detached.
615 Additional options include:
616 .Bl -tag -width ".Fl a"
618 If specified, all currently attached providers will be killed.
621 Backup metadata from the given provider to the given file.
623 Restore metadata from the given file to the given provider.
625 Additional options include:
626 .Bl -tag -width ".Fl f"
628 Metadata contains the size of the provider to ensure that the correct
629 partition or slice is attached.
630 If an attempt is made to restore metadata to a provider that has a different
633 will refuse to restore the data unless the
636 If the partition or slice has been grown, the
638 subcommand should be used rather than attempting to relocate the metadata
645 Suspend device by waiting for all inflight requests to finish, clearing all
646 sensitive information (like the Master Key and Data Keys) from kernel memory,
647 and blocking all further I/O requests until the
649 subcommand is executed.
650 This functionality is useful for laptops: when one wants to suspend a
651 laptop, one does not want to leave an encrypted device attached.
652 Instead of closing all files and directories opened from a file system located
653 on an encrypted device, unmounting the file system, and detaching the device,
656 subcommand can be used.
657 Any access to the encrypted device will be blocked until the Master Key is
661 Thus there is no need to close nor unmount anything.
664 subcommand does not work with devices created with the
667 Please note that sensitive data might still be present in memory after
668 suspending an encrypted device due to the file system cache, etc.
670 Additional options include:
671 .Bl -tag -width ".Fl a"
678 Resume previously suspended device.
679 The caller must ensure that executing this subcommand does not access the
680 suspended device, leading to a deadlock.
681 For example suspending a device which contains the file system where the
683 utility is stored is bad idea.
685 Additional options include:
686 .Bl -tag -width ".Fl j Ar passfile"
688 Specifies a file which contains the passphrase component of the User Key
690 For more information see the description of the
696 Specifies a file which contains the keyfile component of the User Key
698 For more information see the description of the
704 Do not use a passphrase as a component of the User Key.
705 Cannot be combined with the
712 that the provider has been resized.
713 The old metadata block is relocated to the correct position at the end of the
714 provider and the provider size is updated.
716 Additional options include:
717 .Bl -tag -width ".Fl s Ar oldsize"
719 The size of the provider before it was resized.
722 If no arguments are given, the
724 subcommand will print the version of
726 userland utility as well as the version of the
730 If GEOM providers are specified, the
732 subcommand will print metadata version used by each of them.
734 Clear metadata from the given providers.
736 This will erase with zeros the encrypted Master Key copies stored in the
739 Dump metadata stored on the given providers.
754 Additional options include:
755 .Bl -tag -width ".Fl v"
765 utility generates a random Master Key for the provider.
766 The Master Key never changes during the lifetime of the provider.
767 Each copy of the provider metadata, active or backed up to a file, can store
768 up to two, independently-encrypted copies of the Master Key.
770 Each stored copy of the Master Key is encrypted with a User Key, which
773 utility from a passphrase and/or a keyfile.
776 utility first reads all parts of the keyfile in the order specified on the
777 command line, then reads all parts of the stored passphrase in the order
778 specified on the command line.
779 If no passphrase parts are specified, the system prompts the user to enter
781 The passphrase is optionally strengthened by PKCS#5v2.
782 The User Key is a digest computed over the concatenated keyfile and passphrase.
784 During operation, one or more Data Keys are deterministically derived by
785 the kernel from the Master Key and cached in memory.
786 The number of Data Keys used by a given provider, and the way they are
787 derived, depend on the GELI version and whether the provider is configured to
788 use data authentication.
792 variables can be used to control the behavior of the
795 The default value is shown next to each variable.
796 Some variables can also be set in
797 .Pa /boot/loader.conf .
798 .Bl -tag -width indent
799 .It Va kern.geom.eli.version
800 Version number of the
803 .It Va kern.geom.eli.debug : No 0
807 This can be set to a number between 0 and 3 inclusive.
808 If set to 0, minimal debug information is printed.
810 maximum amount of debug information is printed.
811 .It Va kern.geom.eli.tries : No 3
812 Number of times a user is asked for the passphrase.
813 This is only used for providers which are attached on boot
814 (before the root file system is mounted).
815 If set to 0, attaching providers on boot will be disabled.
816 This variable should be set in
817 .Pa /boot/loader.conf .
818 .It Va kern.geom.eli.overwrites : No 5
819 Specifies how many times the Master Key will be overwritten
820 with random values when it is destroyed.
821 After this operation it is filled with zeros.
822 .It Va kern.geom.eli.visible_passphrase : No 0
823 If set to 1, the passphrase entered on boot (before the root
824 file system is mounted) will be visible.
825 This alternative should be used with caution as the entered
826 passphrase can be logged and exposed via
828 This variable should be set in
829 .Pa /boot/loader.conf .
830 .It Va kern.geom.eli.threads : No 0
831 Specifies how many kernel threads should be used for doing software
833 Its purpose is to increase performance on SMP systems.
834 If set to 0, a CPU-pinned thread will be started for every active CPU.
835 .It Va kern.geom.eli.batch : No 0
836 When set to 1, can speed-up crypto operations by using batching.
837 Batching reduces the number of interrupts by responding to a group of
838 crypto requests with one interrupt.
839 The crypto card and the driver has to support this feature.
840 .It Va kern.geom.eli.key_cache_limit : No 8192
841 Specifies how many Data Keys to cache.
843 (8192 keys) will allow caching of all keys for a 4TB provider with 512 byte
844 sectors and will take around 1MB of memory.
845 .It Va kern.geom.eli.key_cache_hits
846 Reports how many times we were looking up a Data Key and it was already in
848 This sysctl is not updated for providers that need fewer Data Keys than
849 the limit specified in
850 .Va kern.geom.eli.key_cache_limit .
851 .It Va kern.geom.eli.key_cache_misses
852 Reports how many times we were looking up a Data Key and it was not in cache.
853 This sysctl is not updated for providers that need fewer Data Keys than the limit
855 .Va kern.geom.eli.key_cache_limit .
858 Exit status is 0 on success, and 1 if the command fails.
860 Initialize a provider which is going to be encrypted with a
861 passphrase and random data from a file on the user's pen drive.
863 Attach the provider, create a file system, and mount it.
865 Unmount the provider and detach it:
866 .Bd -literal -offset indent
867 # dd if=/dev/random of=/mnt/pendrive/da2.key bs=64 count=1
868 # geli init -s 4096 -K /mnt/pendrive/da2.key /dev/da2
869 Enter new passphrase:
870 Reenter new passphrase:
871 # geli attach -k /mnt/pendrive/da2.key /dev/da2
873 # dd if=/dev/random of=/dev/da2.eli bs=1m
875 # mount /dev/da2.eli /mnt/secret
878 # geli detach da2.eli
881 Create an encrypted provider, but use two User Keys:
882 one for your employee and one for you as the company's security officer
883 (so it is not a tragedy if the employee
885 forgets his passphrase):
886 .Bd -literal -offset indent
888 Enter new passphrase: (enter security officer's passphrase)
889 Reenter new passphrase:
890 # geli setkey -n 1 /dev/da2
891 Enter passphrase: (enter security officer's passphrase)
892 Enter new passphrase: (let your employee enter his passphrase ...)
893 Reenter new passphrase: (... twice)
896 You are the security officer in your company.
897 Create an encrypted provider for use by the user, but remember that users
898 forget their passphrases, so backup the Master Key with your own random key:
899 .Bd -literal -offset indent
900 # dd if=/dev/random of=/mnt/pendrive/keys/`hostname` bs=64 count=1
901 # geli init -P -K /mnt/pendrive/keys/`hostname` /dev/ada0s1e
902 # geli backup /dev/ada0s1e /mnt/pendrive/backups/`hostname`
903 (use key number 0, so the encrypted Master Key will be re-encrypted by this)
904 # geli setkey -n 0 -k /mnt/pendrive/keys/`hostname` /dev/ada0s1e
905 (allow the user to enter his passphrase)
906 Enter new passphrase:
907 Reenter new passphrase:
910 Encrypted swap partition setup:
911 .Bd -literal -offset indent
912 # dd if=/dev/random of=/dev/ada0s1b bs=1m
913 # geli onetime -d -e 3des ada0s1b
914 # swapon /dev/ada0s1b.eli
917 The example below shows how to configure two providers which will be attached
918 on boot (before the root file system is mounted).
919 One of them is using passphrase and three keyfile parts and the other is
920 using only a keyfile in one part:
921 .Bd -literal -offset indent
922 # dd if=/dev/random of=/dev/da0 bs=1m
923 # dd if=/dev/random of=/boot/keys/da0.key0 bs=32k count=1
924 # dd if=/dev/random of=/boot/keys/da0.key1 bs=32k count=1
925 # dd if=/dev/random of=/boot/keys/da0.key2 bs=32k count=1
926 # geli init -b -K /boot/keys/da0.key0 -K /boot/keys/da0.key1 -K /boot/keys/da0.key2 da0
927 Enter new passphrase:
928 Reenter new passphrase:
929 # dd if=/dev/random of=/dev/da1s3a bs=1m
930 # dd if=/dev/random of=/boot/keys/da1s3a.key bs=128k count=1
931 # geli init -b -P -K /boot/keys/da1s3a.key da1s3a
934 The providers are initialized, now we have to add these lines to
935 .Pa /boot/loader.conf :
936 .Bd -literal -offset indent
937 geli_da0_keyfile0_load="YES"
938 geli_da0_keyfile0_type="da0:geli_keyfile0"
939 geli_da0_keyfile0_name="/boot/keys/da0.key0"
940 geli_da0_keyfile1_load="YES"
941 geli_da0_keyfile1_type="da0:geli_keyfile1"
942 geli_da0_keyfile1_name="/boot/keys/da0.key1"
943 geli_da0_keyfile2_load="YES"
944 geli_da0_keyfile2_type="da0:geli_keyfile2"
945 geli_da0_keyfile2_name="/boot/keys/da0.key2"
947 geli_da1s3a_keyfile0_load="YES"
948 geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
949 geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"
952 If there is only one keyfile, the index might be omitted:
953 .Bd -literal -offset indent
954 geli_da1s3a_keyfile_load="YES"
955 geli_da1s3a_keyfile_type="da1s3a:geli_keyfile"
956 geli_da1s3a_keyfile_name="/boot/keys/da1s3a.key"
959 Not only configure encryption, but also data integrity verification using
961 .Bd -literal -offset indent
962 # geli init -a hmac/sha256 -s 4096 /dev/da0
963 Enter new passphrase:
964 Reenter new passphrase:
965 # geli attach /dev/da0
967 # dd if=/dev/random of=/dev/da0.eli bs=1m
969 # mount /dev/da0.eli /mnt/secret
973 writes the metadata backup by default to the
974 .Pa /var/backups/<prov>.eli
976 If the metadata is lost in any way (e.g., by accidental overwrite), it can be restored.
977 Consider the following situation:
978 .Bd -literal -offset indent
980 Enter new passphrase:
981 Reenter new passphrase:
983 Metadata backup can be found in /var/backups/da0.eli and
984 can be restored with the following command:
986 # geli restore /var/backups/da0.eli /dev/da0
988 # geli clear /dev/da0
989 # geli attach /dev/da0
990 geli: Cannot read metadata from /dev/da0: Invalid argument.
991 # geli restore /var/backups/da0.eli /dev/da0
992 # geli attach /dev/da0
996 If an encrypted file system is extended, it is necessary to relocate and
998 .Bd -literal -offset indent
999 # gpart create -s GPT ada0
1000 # gpart add -s 1g -t freebsd-ufs -i 1 ada0
1001 # geli init -K keyfile -P ada0p1
1002 # gpart resize -s 2g -i 1 ada0
1003 # geli resize -s 1g ada0p1
1004 # geli attach -k keyfile -p ada0p1
1007 Initialize provider with the passphrase split into two files.
1008 The provider can be attached using those two files or by entering
1010 as the passphrase at the
1013 .Bd -literal -offset indent
1014 # echo foo > da0.pass0
1015 # echo bar > da0.pass1
1016 # geli init -J da0.pass0 -J da0.pass1 da0
1017 # geli attach -j da0.pass0 -j da0.pass1 da0
1020 Enter passphrase: foobar
1025 devices on a laptop, suspend the laptop, then resume devices one by one after
1026 resuming the laptop:
1027 .Bd -literal -offset indent
1030 <resume your laptop>
1031 # geli resume -p -k keyfile gpt/secret
1032 # geli resume gpt/private
1035 .Sh ENCRYPTION MODES
1037 supports two encryption modes:
1039 which was standardized as
1043 with unpredictable IV.
1048 is very similar to the mode
1050 .Sh DATA AUTHENTICATION
1052 can verify data integrity when an authentication algorithm is specified.
1053 When data corruption/modification is detected,
1055 will not return any data, but instead will return an error
1057 The offset and size of the corrupted data will be printed on the console.
1058 It is important to know against which attacks
1060 provides protection for your data.
1061 If data is modified in-place or copied from one place on the disk
1062 to another even without modification,
1064 should be able to detect such a change.
1065 If an attacker can remember the encrypted data, he can overwrite any future
1066 changes with the data he owns without it being noticed.
1069 will not protect your data against replay attacks.
1071 It is recommended to write to the whole provider before first use,
1072 in order to make sure that all sectors and their corresponding
1073 checksums are properly initialized into a consistent state.
1074 One can safely ignore data authentication errors that occur immediately
1075 after the first time a provider is attached and before it is
1076 initialized in this way.
1092 block cipher is implemented by Yoshisato Yanagisawa in
1097 metadata version supported by the given FreeBSD version:
1098 .Bl -column -offset indent ".Sy FreeBSD" ".Sy version"
1099 .It Sy FreeBSD Ta Sy GELI
1100 .It Sy version Ta Sy version
1123 .An Pawel Jakub Dawidek Aq Mt pjd@FreeBSD.org