Re: Encrypted swap partition no longer encrypted

Reply: Graham Perrin : "dumpdev and encrypted swap"
Reply: Graham Perrin : "Experiments with sswap(1), srm(1), wipe(1), gdisk(8), lsblk and gpart(8)"
In reply to: Ronald Klop : "Re: Encrypted swap partition no longer encrypted"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Graham Perrin <grahamperrin_at_gmail.com>
Date: Fri, 27 Aug 2021 11:22:36 UTC
On 27/08/2021 10:10, Ronald Klop wrote:

> … change "/dev/ada0p2" to "/dev/ada0p2.eli" in the new fstab and reboot. …


Strange, I thought I tried that before writing. One of the first things 
that I would have tried.

Anyhow: now, it has the required effect.

----

An additional mystery. Before replacement of the internal hard disk, I 
had swap at:

/dev/ada0p3.eli

With that disk now external, in the dock on USB, metadata can not be 
read (geli attach fails). I'm happy for this to remain mysterious; 
assume that non-encrypted data somehow crept in, use sswap(1) to 
securely delete whatever might be there.

----

% swapinfo
Device          1M-blocks     Used    Avail Capacity
/dev/ada0p2.eli     16384        0    16384     0%
% sysrc dumpdev
dumpdev: /dev/ada0p2.eli
% grep swap /etc/fstab | grep -v \#
/dev/ada0p2.eli none                    swap sw,late                    
0     0
% sudo geli attach /dev/da0p3
grahamperrin's password:
geli: Cannot read metadata from /dev/da0p3: Invalid argument.
geli: There was an error with at least one provider.
% lsblk
DEVICE         MAJ:MIN SIZE 
TYPE                                          LABEL MOUNT
ada0             0:121 932G 
GPT                                               - -
   ada0p1         0:123 260M efi gpt/efiboot0 -
   <FREE>         -:-   1.0M 
-                                                 - -
   ada0p2         0:125  16G freebsd-swap                              
gpt/swap0 SWAP
   ada0p2.eli     2:67   16G 
freebsd-swap                                      - SWAP
   ada0p3         0:127 915G freebsd-zfs                                
gpt/zfs0 <ZFS>
   ada0p3.eli     0:135 915G 
zfs                                               - -
   <FREE>         -:-   708K 
-                                                 - -
cd0              0:129   0B 
-                                                 - -
da0              0:184 466G 
GPT                                               - -
   da0p1          0:189 200M efi msdosfs/EFISYS -
   da0p2          0:192 512K freebsd-boot gpt/gptboot0 -
   <FREE>         -:-   492K 
-                                                 - -
   da0p3          0:193  16G freebsd-swap                              
gpt/swap0 SWAP
   da0p4          0:194 450G freebsd-zfs                                
gpt/zfs0 <ZFS>
   da0p4.eli      0:198 450G 
zfs                                               - -
   <FREE>         -:-   4.0K 
-                                                 - -
da1              0:199   0B 
-                                                 - -
da2              0:200   0B 
-                                                 - -
da3              0:203   0B 
-                                                 - -
da4              0:208   0B 
-                                                 - -
da5              0:217 466G 
GPT                                               - -
   <FREE>         -:-   1.0M 
-                                                 - -
   da5p1          0:218 466G freebsd-zfs gpt/Transcend <ZFS>
da6              0:225  14G 
GPT                                               - -
   <FREE>         -:-   1.0M 
-                                                 - -
   da6p1          0:226  14G freebsd-zfs gpt/cache-transcend <ZFS>
da7              0:247  29G 
GPT                                               - -
   da7p1          0:248  29G freebsd-zfs gpt/cache-august <ZFS>
% sudo geli attach da0p3
geli: Cannot read metadata from da0p3: Invalid argument.
geli: There was an error with at least one provider.
% fstyp /dev/da0p3
fstyp: /dev/da0p3: filesystem not recognized
%