ZFS FreeBSD 11.1 geli keys from bsd-installer

[alo]

Hi,

I'm new to FreeBSD and learning about geli encryption. I've setup a system using the FreeBSD 11.1 installer. The storage setup is 4x 6TB disks using zfs. Using the installer I chose a RAID 1+0 setup (using all four disks), with full-disk encryption.

The installer created 2 zfs pools, "bootpool" and "zroot" as follows:

root@XXXXXX:~ # zpool status
  pool: bootpool
 state: ONLINE
  scan: none requested
config:

    NAME        STATE     READ WRITE CKSUM
    bootpool    ONLINE       0     0     0
     mirror-0  ONLINE       0     0     0
       ada0p3  ONLINE       0     0     0
       ada1p3  ONLINE       0     0     0
       ada2p3  ONLINE       0     0     0
       ada3p3  ONLINE       0     0     0

errors: No known data errors

  pool: zroot
 state: ONLINE
  scan: none requested
config:

    NAME            STATE     READ WRITE CKSUM
    zroot           ONLINE       0     0     0
     mirror-0      ONLINE       0     0     0
       ada0p5.eli  ONLINE       0     0     0
       ada1p5.eli  ONLINE       0     0     0
     mirror-1      ONLINE       0     0     0
       ada2p5.eli  ONLINE       0     0     0
       ada3p5.eli  ONLINE       0     0     0

errors: No known data errors

/boot contains the files:
ada0p5.eli
ada1p5.eli
ada2p5.eli
ada3p5.eli
encryption.key

My understanding is that the .eli files (ada0p5.eli, ada1p5.eli, ...) are the provider metadata files, containing the master-key (and other info) for each encrypted partition. Upon inspection (using geli dump), each master-key is different for each provider. Inspection of /boot/loader.conf shows that the bootstrap is using the file /boot/encryption.key as a common master-key for each encrypted partition:

geli_ada0p5_keyfile0_load="YES"
geli_ada0p5_keyfile0_type="ada0p5:geli_keyfile0"
geli_ada0p5_keyfile0_name="/boot/encryption.key"
geli_ada0p5_keyfile0_load="YES"
geli_ada0p5_keyfile0_type="ada0p5:geli_keyfile0"
geli_ada0p5_keyfile0_name="/boot/encryption.key"
geli_ada1p5_keyfile0_load="YES"
geli_ada1p5_keyfile0_type="ada1p5:geli_keyfile0"
geli_ada1p5_keyfile0_name="/boot/encryption.key"
geli_ada1p5_keyfile0_load="YES"
geli_ada1p5_keyfile0_type="ada1p5:geli_keyfile0"
geli_ada1p5_keyfile0_name="/boot/encryption.key"
geli_ada2p5_keyfile0_load="YES"
geli_ada2p5_keyfile0_type="ada2p5:geli_keyfile0"
geli_ada2p5_keyfile0_name="/boot/encryption.key"
geli_ada2p5_keyfile0_load="YES"
geli_ada2p5_keyfile0_type="ada2p5:geli_keyfile0"
geli_ada2p5_keyfile0_name="/boot/encryption.key"
geli_ada3p5_keyfile0_load="YES"
geli_ada3p5_keyfile0_type="ada3p5:geli_keyfile0"
geli_ada3p5_keyfile0_name="/boot/encryption.key"
geli_ada3p5_keyfile0_load="YES"
geli_ada3p5_keyfile0_type="ada3p5:geli_keyfile0"
geli_ada3p5_keyfile0_name="/boot/encryption.key"

My questions are:

(1) Can someone explain how the file encryption.key was created? For example, Is this some sort of concatention of each master-key from each device? Or, are all devices using the same master-key (encryption.key)? In this case, what am I seeing in the "master-key" section of geli dump (these appear to be plain text keys, which are different for each provider)?

(2) What is a "salt-key" and how is it used in geli encryption?

(3) When people refer to "backing up their encryption key," would this be the file encryption.key, each provider's metadata, or both?

(4) The geli manual says that a backup copy each master-key should be created by default when geli init is applied to each provider. Does anyone know if the bsd-installer created these and where I can find them? Or does the bsd-installer suppress backup creation with the geli init -B none option.

Thanks for your help. Don't crucify me if I'm understanding something incorrectly. I'm learning...

 

[Deleted member 45312]

Nobody will crucify you on this forum, FreeBSD users are civilized guys

 

[driesm]

Ok so I found the time to write out some answers for you.
In the previous weekend I had some time to read through the BSDinstall script zfsboot.
This script is used to partition/configure the rootonZFS setup.
If you are interessted in learning shell syntax its a good place to start as did I
Also, this question should belong under the GELI tag, not ZFS but here we go.

1) encryption.key is created with the dd command like so and is saved on /boot/encryption.key.
dd if=/dev/random of=/bootpool/boot/encryption.key bs=4096 count=1
This is what they call a userkey (using -K /boot/encryption.key during initiatlization of the geli container on the provider). All devices in the setup are using the same userkey as can be seen in /boot/loader.conf.
The masterkey is unique to each provider and is stored as metadata during initialization of the geli container.
The masterkeys need not be specified, as the geli software looks for that metadata when attaching the provider.
A userkey is not mandatory but recommended. It is perfectly possible to only use a password.
geli dump backs-up the masterkeys, it reads the metadata and dumps it in plane text.

2) No clue... I think the "salt" concept is not used in encryption or atleast geli context. Someone correct me if I'm wrong.

3) This would be atleast the different masterkeys unique to each provider (contained in the written metadata of each disk during initiatlization of the geli container).
These are already backed-up by the installer (check (4) in my post). When a user key is used, it should also be backed-up.
The installer uses the exact same userkey for every provider named /boot/encryption.key.
When only a password is used during the initialization of the geli container, only the masterkeys need to be backed-up with geli dump.
When both a password and a userkey are used, both the masterkeys and the userkey should be backed-up.

4) The installer backs-up the masterkeys as /boot/provider.eli (using -B /boot/provider.eli during initiatlization of the geli container on the provider).