From: Ondrej Kozina <okozina@redhat.com>
To: Ingo Franzki <ifranzki@linux.ibm.com>, dm-crypt@saout.de
Subject: Re: [dm-crypt] cryptsetup-reencrypt fails after converting a LUKS1 volume to LUKS2
Date: Thu, 2 Aug 2018 16:24:34 +0200 [thread overview]
Message-ID: <1620c1f1-0b3d-5c10-d76d-ed8ef2f79307@redhat.com> (raw)
In-Reply-To: <709030cb-7bff-52d2-782a-d0b899f8a8a4@linux.ibm.com>
On 08/02/2018 03:42 PM, Ingo Franzki wrote:
> On 02.08.2018 15:05, Ondrej Kozina wrote:
>> On 08/02/2018 12:38 PM, Ingo Franzki wrote:
>>
>>> A better error message is fine, but I would rather like to see a fix that makes cryptsetup-reencrypt work with non-default LUKS2 header sizes
>>
>> This commit in wip-luks2 branch should fix it 1f36e33a. I need to add some tests yet, but hope this is it. Provided it passes tests I think this may get in 2.0.4 since it's one-liner.
> Wow that was quick!
>
> I checked out wip-luks2, built it, and tested it out on my system. Works great! Even with the PAES cipher.
>
> Will the smaller header area have any negative impact on LUKS operations later on?
> Like does it allow less keyslots due to the reduced header space?
If you grow volume key size after conversion to LUKS2, yes, you may end
with header where you fit less than 8 active keyslots.
New features that would benefit from larger metadata area in LUKS2
header may also not work optimally (i.e future online reencryption).
Regards
Ondrej
prev parent reply other threads:[~2018-08-02 14:24 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-02 8:16 [dm-crypt] cryptsetup-reencrypt fails after converting a LUKS1 volume to LUKS2 Ingo Franzki
2018-08-02 8:52 ` Ondrej Kozina
2018-08-02 9:20 ` Ondrej Kozina
2018-08-02 9:28 ` Michael Kjörling
2018-08-02 9:44 ` Ondrej Kozina
2018-08-02 10:38 ` Ingo Franzki
2018-08-02 10:56 ` Ondrej Kozina
2018-08-02 13:05 ` Ondrej Kozina
2018-08-02 13:42 ` Ingo Franzki
2018-08-02 14:24 ` Ondrej Kozina [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1620c1f1-0b3d-5c10-d76d-ed8ef2f79307@redhat.com \
--to=okozina@redhat.com \
--cc=dm-crypt@saout.de \
--cc=ifranzki@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.