Why is it necessary to wipe the first MByte of an OpenBSD CRYPTO device?

From: http://www.openbsd.org/cgi-bin/man.cgi?query=bioctl

The following command, executed from the command line, would configure
     the device softraid0 with one special device (/dev/sd2e) and an
     encrypting volume:

    # bioctl -c C -l /dev/sd2e softraid0

     bioctl will ask for a passphrase, which will be needed to unlock the
     encrypted disk.  After creating a newly encrypted disk, the first
     megabyte of it should be zeroed, so tools like fdisk(8) or disklabel(8)
     don't get confused by the random data that appears on the new disk.  This
     can be done with the following command (assuming the new disk is sd3):

    # dd if=/dev/zero of=/dev/rsd3c bs=1m count=1

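My question: why exactly is it necessary to wipe the first MByte of the CRYPTO device? Are there any drawbacks if I skip doing so?

Answer 1

The reason is stated in this sentence: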

so tools like fdisk(8) or disklabel(8) don't get confused by the 
random data that appears on the new disk

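After the encrypted device is created, the data will be random (even if the disk initially held all zeros, because of the decryption). If that data looks (almost) like valid partition table information, fdisk or disklabel may get confused.

So you have to zero it through the encryption, writing non-random data, before you continue.

Answer 2

You have already quoted the answer.

so tools like fdisk(8) or disklabel(8) don't get confused by the random data that appears on the new disk

Tools used to partition a disk (such as fdisk, parted) or to label a disk (such as disklabel) will try to read the existing MBR. If the MBR is zeroed, they will treat it as empty. If it is not zeroed, they will try to make sense of its contents. But in your case the contents will be completely random. If these tools are not prepared to read bogus values, it will confuse them and, in the worst case, may crash them.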
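
What "confused" means in practice, as an added example that is not part of the original answers and is not OpenBSD's fdisk or disklabel code: a defensive reader of sector 0 that tells a zeroed sector apart from noise and from a well-formed MBR. The sample sectors are constructed, and the function name and sanity rules are assumptions made for illustration.

```python
import struct

SECTOR = 512
SIGNATURE = b"\x55\xaa"             # MBR boot signature at offset 510
ENTRY = struct.Struct("<B3xB3xII")  # boot flag, CHS, type, CHS, start LBA, sector count

def classify_first_sector(sector: bytes) -> dict:
    """Classify sector 0 as empty, no-signature, garbage or valid."""
    if len(sector) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    sector = sector[:SECTOR]
    if sector == bytes(SECTOR):
        return {"state": "empty", "partitions": []}
    if sector[510:512] != SIGNATURE:
        return {"state": "no-signature", "partitions": []}
    parts, sane = [], True
    for slot in range(4):
        raw = sector[446 + 16 * slot: 462 + 16 * slot]
        if raw == bytes(16):
            continue  # unused slot
        boot, ptype, start, count = ENTRY.unpack(raw)
        # A well-formed entry has boot flag 0x00/0x80, a non-zero type and length.
        if boot not in (0x00, 0x80) or ptype == 0 or count == 0:
            sane = False
        parts.append({"slot": slot, "boot": boot, "type": ptype,
                      "start": start, "sectors": count})
    return {"state": "valid" if sane else "garbage", "partitions": parts}

# Constructed inputs (not taken from a real disk).
ZEROED = bytes(SECTOR)  # what dd if=/dev/zero leaves behind
# Deterministic stand-in for the noise read from a fresh crypto volume.
NOISE = bytes((i * 37 + 11) % 256 for i in range(SECTOR))
# The same noise in the unlucky case where the last two bytes match the signature.
NOISE_SIGNED = NOISE[:510] + SIGNATURE
# One bootable OpenBSD (type 0xA6) partition, as a partitioning tool would write it.
CLEAN = bytes(446) + ENTRY.pack(0x80, 0xA6, 64, 2048) + bytes(48) + SIGNATURE

if __name__ == "__main__":
    for name, data in [("zeroed", ZEROED), ("noise", NOISE),
                       ("noise+signature", NOISE_SIGNED), ("clean", CLEAN)]:
        result = classify_first_sector(data)
        print(f"{name:16} {result['state']:13} {len(result['partitions'])} entries")
```

A reader that skips the sanity checks would report four partitions for the signed-noise sector, which is the confusion the man page warns about.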

Answer 3

I found an answer from Nick Holland on the OpenBSD misc mailing list:

So...today, you take a couple disks, zero the first 10MB, put a 1G boot
partition and make the rest RAID, then build a mirrored set, do your
testing, and call it done.

Tomorrow, you take the same disk, zero the first 10MB, put a 1GB boot
partition on it, and make the rest RAID, and intend to build a crypto
RAID partition on it.  Except...Poof! your RAID1 chunk is baaack!  Why?
 Because you didn't touch the softraid data which is 1GB up the disk.
