Subject: Re: can cgdconfig really destroy a protected partition by itself ?
To: typ0 <typ0@bragatel.pt>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-help
Date: 03/26/2006 17:49:30
On Sat, Mar 25, 2006 at 04:01:03AM +0000, typ0 wrote:
> After trying to configure a cgd device with the pass-phrase I remembered, it
> wasn't being accepted. So I stupidly ended up doing:
> 
> zion:cgd root# echo -e "actual passphrase" | cgdconfig -s -v cgd1 /dev/wd0g
> aes-cbc 256            <---- stupid, -s is to read the key, not passphrase !
>     with alg aes-cbc keylen 256 blocksize -1 ivmethod encblkno
> zion:cgd root# pwd
> /etc/cgd
> zion:cgd root# ls
> cgd.conf         wd0b             wd0b.disklabel   wd0g
> zion:cgd root# ls -l
> total 4
> -rw-------  1 root  wheel   31 Feb 11 12:29 cgd.conf
> -rw-------  1 root  wheel   97 Mar  9  2005 wd0b
> -rw-------  1 root  wheel  635 Mar  9  2005 wd0b.disklabel
> -rw-------  1 root  wheel  177 Mar  9  2005 wd0g
> zion:cgd root# cat cgd.conf 
> cgd0    /dev/wd0b
> cgd1    /dev/wd0g
> zion:cgd root# cat wd0g
> algorithm aes-cbc;
> iv-method encblkno;
> keylength 256;
> verify_method disklabel;
> keygen pkcs5_pbkdf2/sha1 {
>         iterations 4939;
>         salt (omitted);
> };
> zion:cgd root# mount /usr/free
> mount_ffs: /dev/cgd1a on /usr/free: incorrect super block
> zion:cgd root# cgdconfig -C
> /dev/wd0g's passphrase:
> 
> zion:cgd root# cgdconfig -C
> /dev/wd0g's passphrase:
> ioctl: Device busy
> cgdconfig: action failed on "/etc/cgd/cgd.conf" line 2
> zion:cgd root# cgdconfig -u cgd1
> zion:cgd root# cgdconfig -C
> /dev/wd0g's passphrase:
> verification failed, please reenter passphrase
> 
> 
> 
> btw, /usr/free is in fstab and it's where I mount the cgd1a device.
> 
> 
> My question is, did I just lose everything in /dev/wd0g as I read it on
> http://www.netbsd.org/guide/en/chap-cgd.html#chap-cgd-overview-verification , in
> method 'none' or am I missing something here ? If I do get my pass-phrase right,
> will I still be able to mount my cgd protected partition ?

If you didn't write anything to /dev/cgd0* (e.g. didn't run newfs,
rewrite a disklabel, etc ...) your data are still here.
You just need to cgdconfig -u, and reenter the right passphrase.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
--
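
Added example, not part of the original thread and not NetBSD code: a Python sketch that parses a parameters file shaped like the quoted /etc/cgd/wd0g and shows why the bytes piped to `-s` (used as the key itself) differ from the key the `pkcs5_pbkdf2/sha1` keygen derives from the same passphrase. Assumptions: the keygen is standard PBKDF2-HMAC-SHA1, the salt is a constructed hex value (the post omits the real one and its on-disk encoding is not modelled), and the function names are hypothetical.

```python
import hashlib
import re

# Constructed params file modelled on the listing in the post; salt is made up.
SAMPLE_PARAMS = """\
algorithm aes-cbc;
iv-method encblkno;
keylength 256;
verify_method disklabel;
keygen pkcs5_pbkdf2/sha1 {
        iterations 4939;
        salt 00112233445566778899aabbccddeeff;
};
"""

def parse_params(text):
    """Collect the 'name value;' statements and the keygen method name."""
    params = {}
    for name, value in re.findall(r"^\s*([\w-]+)\s+([^;{}]+);", text, re.M):
        params[name] = value.strip()
    block = re.search(r"keygen\s+(\S+)\s*\{", text)
    params["keygen"] = block.group(1) if block else None
    return params

def derive_key(passphrase, params):
    """Passphrase path: stretch the passphrase into keylength bits."""
    if params["keygen"] != "pkcs5_pbkdf2/sha1":
        raise ValueError("unsupported keygen: %r" % params["keygen"])
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase, bytes.fromhex(params["salt"]),
        int(params["iterations"]), int(params["keylength"]) // 8)

def key_material(stdin_bytes, params, stdin_is_key):
    """Simplified model of the two modes in the post: input taken as the
    key itself (the -s case) or run through the keygen as a passphrase."""
    return stdin_bytes if stdin_is_key else derive_key(stdin_bytes, params)

if __name__ == "__main__":
    p = parse_params(SAMPLE_PARAMS)
    secret = b"actual passphrase\n"
    print("as key (-s):  ", key_material(secret, p, True).hex())
    print("as passphrase:", key_material(secret, p, False).hex())
```

The two values never match, so the device configured with `-s` decrypts to unrelated bytes and the superblock check fails, while the ciphertext on /dev/wd0g is only read, not rewritten.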