Monday Jan 03, 2011

ZFS Encryption for USB sticks on Solaris 11 Express

USB memory sticks are easily lost, so to keep your data safe, it's best to use the new encryption feature of ZFS available since snv_149 (ZFS version 30). Here's how to take advantage of it.
[paulie@adrenaline ~]$ uname -a
SunOS adrenaline 5.11 snv_155 i86pc i386 i86pc Solaris
Get the device id for the USB stick using rmformat.
[paulie@adrenaline ~]$ rmformat
Looking for devices...
     1. Logical Node: /dev/rdsk/c11t0d0p0
        Physical Node: /pci@0,0/pci108e,534a@2/hub@4/storage@1/disk@0,0
        Connected Device: SanDisk  U3 Cruzer Micro  8.02
        Device Type: Removable
	Bus: USB
	Size: 1.9 GB
	Label: 
	Access permissions: Medium is not write protected.
The device id is c11t0d0p0. Using this id, we can make a pool on the device called 'secret'. You can call yours whatever you want.
[paulie@adrenaline ~]# zpool create -O encryption=on secret c11t0d0p0
Enter passphrase for 'secret': 
Enter again: 
Let's create a random 128MB file in the new pool called file.enc.
[paulie@adrenaline ~]# cd /secret; mkfile 128m file.enc
Now, let's make sure it works by exporting and importing the secret pool and hope it asks for a password.
[paulie@adrenaline ~]# zpool export secret
[paulie@adrenaline ~]# zpool import secret
Enter passphrase for 'secret': 
It works as expected. Let's check for the created file.
[paulie@adrenaline ~]# ls /secret
file.enc
We can also check the encryption of any zfs filesystem by using the following command:
[paulie@adrenaline ~]# zfs get encryption secret
NAME    PROPERTY    VALUE        SOURCE
secret  encryption  on           local
For more information visit:
http://docs.sun.com/app/docs/doc/821-1448/gkkih

Wednesday Jun 09, 2010

"Cannot open device" Error

On occasion if you are trying to fdisk or mount a USB disk on Solaris 10 you may get an error that says "Cannot open device." For example:
# fdisk /dev/rdsk/c2t0d0s2
Cannot open device
Things to check:
  • 1. Make sure you are root or have the correct user privilege
  • 2. Try `devfsadm -Cv` to remove any stale disk entries
  • 3. Stop volume management `svcadm disable volfs`

Wednesday Apr 28, 2010

Packages Renamed in OpenSolaris

If you have been using the package management system in the newest builds of OpenSolaris (b133+), you may have noticed the naming scheme changes that affect new and existing packages. [Full list of changes]

For example, trying to find the usb header file package is a bit trickier. These files, namely usba.h, usbai.h, and usbdevs.h, are not installed into /usr/include/sys/usb in the default installation. To retrieve them, use this command:

$ pfexec pkg install header-usb

In previous version, these files could have been obtained from either SUNWusbu or SUNWsfwhea. The removal of the SUNW prefix is the most apparent name change for the package collection. Now you can get busy building the latest apcupsd version!

About

Hiya, my name is Paul Johnson and I'm a software engineer working on the ZFS storage appliance .

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today