Clarify error that geli generates

when it finds corrupt data.

PR:		kern/165695
Submitted by:	Robert Simmons <rsimmons0@gmail.com>
Reviewed by:	pjd
Approved by:	cperciva
MFC after:	1 week

2 files changed, 7 insertions, 3 deletions

diff --git a/sbin/geom/class/eli/geli.8 b/sbin/geom/class/eli/geli.8
index 43c0129..0803480 100644
--- a/sbin/geom/class/eli/geli.8
+++ b/sbin/geom/class/eli/geli.8
@@ -924,6 +924,9 @@ will not protect your data against replay attacks.
 It is recommended to write to the whole provider before first use,
 in order to make sure that all sectors and their corresponding
 checksums are properly initialized into a consistent state.
+One can safely ignore data authentication errors that occur immediately
+after the first time a provider is attached and before it is
+initialized in this way.
 .Sh SEE ALSO
 .Xr crypto 4 ,
 .Xr gbde 4 ,
diff --git a/sys/geom/eli/g_eli_integrity.c b/sys/geom/eli/g_eli_integrity.c
index 50f2a31..c029d8e 100644
--- a/sys/geom/eli/g_eli_integrity.c
+++ b/sys/geom/eli/g_eli_integrity.c
@@ -205,8 +205,8 @@ g_eli_auth_read_done(struct cryptop *crp)
 				 * Report previous corruption if there was one.
 				 */
 				if (coroff != -1) {
-					G_ELI_DEBUG(0, "%s: %jd bytes "
-					    "corrupted at offset %jd.",
+					G_ELI_DEBUG(0, "%s: Failed to authenticate %jd "
+					    "bytes of data at offset %jd",
 					    sc->sc_name, (intmax_t)corsize,
 					    (intmax_t)coroff);
 					coroff = -1;
@@ -221,7 +221,8 @@ g_eli_auth_read_done(struct cryptop *crp)
 		}
 		/* Report previous corruption if there was one. */
 		if (coroff != -1) {
-			G_ELI_DEBUG(0, "%s: %jd bytes corrupted at offset %jd.",
+			G_ELI_DEBUG(0, "%s: Failed to authenticate %jd "
+			    "bytes of data at offset %jd",
 			    sc->sc_name, (intmax_t)corsize, (intmax_t)coroff);
 		}
 	}