From: JT <moreejt@yahoo.com>
To: "dm-crypt@saout.de" <dm-crypt@saout.de>
Subject: [dm-crypt] FAQ :WAS: LUKS2 on disk format
Date: Mon, 11 May 2020 16:15:27 -0700 [thread overview]
Message-ID: <144c987674b937a9fdd96f69d8e88743fbce1a42.camel@yahoo.com> (raw)
In-Reply-To: <d9467f05-1e69-4f26-950e-4832a43e1bad@gmail.com>
I had a similar question on my list. This would be a good one for the
revised FAQ.
Q: What is the size of the LUKS2 header?
A: the LUKS header size is configurable. 16MB is the default size.
It can be changed by .....
Q: Does all metadata exist in the header? Can I be sure that there is
no LUKS metadata somewhere in the middle or in the end of the drive?
A: Yes, all LUKS metadata is stored in the LUKS heaer. (Most of the
area is reserved for keyslots, used in online reencryption.)
There is a small exception if you use experimental integrity protection
(authenticated encryption) where dm-crypt is stacked over dm-integrity
device. In that case there is a dm-integrity superblock at the
beginning of data area which contains only configuration of dm-integrity metadata. No LUKS metadata is stored in this location. The superblock is required by the kernel dm-integrity implementation.
next prev parent reply other threads:[~2020-05-11 23:15 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-11 19:07 [dm-crypt] LUKS2 on disk format Maksim Fomin
2020-05-11 19:58 ` Milan Broz
2020-05-11 23:15 ` JT [this message]
2020-05-12 14:28 ` [dm-crypt] FAQ :WAS: " Arno Wagner
2020-05-12 5:48 ` [dm-crypt] " Maksim Fomin
2020-05-12 9:54 ` Ondrej Kozina
2020-05-12 10:31 ` Maksim Fomin
2020-05-12 11:03 ` Ondrej Kozina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=144c987674b937a9fdd96f69d8e88743fbce1a42.camel@yahoo.com \
--to=moreejt@yahoo.com \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.