# Bug: geli(8) ignores keylen=256 in fstab



## Leander (Nov 28, 2015)

Hi,

It seems like latest FreeBSD RELEASE ignores keylen=256 in /etc/fstab for swap encryption by geli(8). I assume this is a bug, since it had been working for the past years. Please have a look at the output below:


```
root@FreeBSD [~]$ cat /etc/fstab

/dev/mirror/swap.eli  none  swap  sw,aalgo=HMAC/SHA256,ealgo=AES-XTS,keylen=256,sectorsize=4096  0  0
fdesc  /dev/fd  fdescfs  rw  0  0
proc  /proc  procfs  rw  0  0

root@FreeBSD [~]$ swapoff /dev/mirror/swap.eli ; sleep 1 ; swapon /dev/mirror/swap.eli ; geli list
Geom name: mirror/swap.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 128
Crypto: software
Version: 7
Flags: ONETIME, W-DETACH, W-OPEN
KeysAllocated: 3
KeysTotal: 3
Providers:
1. Name: mirror/swap.eli
  Mediasize: 10737414144 (10G)
  Sectorsize: 4096
  Mode: r1w1e0
Consumers:
1. Name: mirror/swap
  Mediasize: 10737417728 (10G)
  Sectorsize: 512
  Mode: r1w1e1

FreeBSD FreeBSD.LocalDomain 10.2-RELEASE FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12 15:26:37 UTC 2015  root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
```


----------



## Leander (Nov 28, 2015)

A second test showed, that swap settings of /etc/fstab are completly ignored. I deleted the entire line:

```
/dev/mirror/swap.eli none swap sw,aalgo=HMAC/SHA256,ealgo=AES-XTS,keylen=256,sectorsize=4096 0 0
```
and afterwards did:
`swapoff /dev/mirror/swap.eli ; sleep 1 ; swapon /dev/mirror/swap.eli ; geli list`
And the result was the same as before. This is weird. Why is this happening?


----------



## Leander (Nov 28, 2015)

Turns out, it only seems to be a bug when one tries to change the keylen of a "auto-ZFS"-installation when swap mirror has been selected. This can be fixed by destroying the mirror manually and setting it up completly new again.

Cheers


----------

