From: "Schneider, Robert" <robert.schneider03@sap.com>
To: "dm-crypt@saout.de" <dm-crypt@saout.de>
Subject: [dm-crypt] Transactional updates for LUKS2 metadata?
Date: Fri, 9 Apr 2021 18:46:36 +0000
Message-ID: <AM0PR02MB5585DDB379587BDCADB87F628F739@AM0PR02MB5585.eurprd02.prod.outlook.com>

Hi,

Is there a way to get transactions over multiple metadata operations when using libcryptsetup?

Imagine I have some mechanism for unlocking which requires information from a token associated with a keyslot. Now I'd like to update that information in the token together with the keyslot.
But if the machine reboots in between the API calls, I believe my unlock mechanism would be broken - for example, when I've updated the keyslot but still have the old token.

I could not find an operation to update a token atomically, nor any transaction operations (like open transaction, commit) in the API. I've had a quick glance at the source code and it looks to me like the header is updated in memory and finally written to disk with a replica, using a sequence number. This suggests to me that transactions should be relatively easy to implement. However, I don't see the full picture of course, so I'd like to know your opinion.

As an alternative to transactions within the libcryptsetup API, it looks like it's possible to perform a header backup, then manipulate the detached (backup) header, and finally restore the header - as long as the volume key is not changed. Do you think that's a reasonable alternative, or are there potential pitfalls here?

Thanks,
Robert
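The failure mode the question describes can be shown with a small model. The following is an added example, not code from the thread and not libcryptsetup code, and its on-disk layout (JSON body with a checksum line, two copies, a `seqid`) is a constructed simplification rather than the real LUKS2 format. It models the write pattern the message infers from the source: metadata staged in memory, then written to two copies with an increasing sequence number, with recovery picking the highest-numbered copy whose checksum verifies. Two independent commits (keyslot, then token) leave a mismatched pair if the machine dies between them; one commit with both edits staged yields a matched pair no matter where in the write the crash lands. All names (`Disk`, `Transaction`, `one_commit`, the generation tags) are hypothetical.

```python
import copy
import hashlib
import json


class CrashMidWrite(Exception):
    """Simulated power loss during a header write."""


def encode(hdr):
    """Serialise a header as a checksum line followed by a JSON body (constructed layout)."""
    body = json.dumps(hdr, sort_keys=True).encode()
    return hashlib.sha256(body).hexdigest().encode() + b"\n" + body


def decode(raw):
    """Return the header dict, or None when the checksum fails (torn or partial write)."""
    digest, _, body = raw.partition(b"\n")
    if hashlib.sha256(body).hexdigest().encode() != digest:
        return None
    return json.loads(body)


class Disk:
    """Two header copies. crash='torn' dies halfway through copy 0;
    crash='after_first' dies after copy 0 is complete but before copy 1 is written."""

    def __init__(self, hdr):
        self.copies = [encode(hdr), encode(hdr)]

    def write(self, hdr, crash=None):
        raw = encode(hdr)
        if crash == "torn":
            self.copies[0] = raw[: len(raw) // 2]
            raise CrashMidWrite()
        self.copies[0] = raw
        if crash == "after_first":
            raise CrashMidWrite()
        self.copies[1] = raw


def load(disk):
    """Recovery rule: of the copies whose checksum verifies, use the highest seqid."""
    valid = [h for h in map(decode, disk.copies) if h is not None]
    if not valid:
        raise RuntimeError("no valid header copy")
    return max(valid, key=lambda h: h["seqid"])


class Transaction:
    """Stage any number of metadata edits in memory, then write them once."""

    def __init__(self, disk):
        self.disk = disk
        self.hdr = copy.deepcopy(load(disk))

    def set_keyslot(self, idx, gen):
        self.hdr["keyslots"][str(idx)] = {"gen": gen, "material": f"wrapped-key-{gen}"}

    def set_token(self, idx, gen):
        self.hdr["tokens"][str(idx)] = {"gen": gen, "keyslot": str(idx)}

    def commit(self, crash=None):
        self.hdr["seqid"] += 1
        self.disk.write(self.hdr, crash)


def initial_disk():
    # Constructed starting state: keyslot 0 and its token 0 both at generation 1.
    hdr = {
        "seqid": 1,
        "keyslots": {"0": {"gen": 1, "material": "wrapped-key-1"}},
        "tokens": {"0": {"gen": 1, "keyslot": "0"}},
    }
    return Disk(hdr)


def consistent(hdr):
    """The unlock mechanism needs keyslot 0 and token 0 from the same generation."""
    return hdr["keyslots"]["0"]["gen"] == hdr["tokens"]["0"]["gen"]


def two_separate_commits(crash_between=True):
    """Keyslot and token written as two independent commits; a reboot between them
    is exactly the broken state the question worries about."""
    disk = initial_disk()
    t = Transaction(disk)
    t.set_keyslot(0, 2)
    t.commit()
    if not crash_between:
        t = Transaction(disk)
        t.set_token(0, 2)
        t.commit()
    return load(disk)


def one_commit(crash=None):
    """Both edits staged in memory and written once; whatever survives is a matched pair."""
    disk = initial_disk()
    t = Transaction(disk)
    t.set_keyslot(0, 2)
    t.set_token(0, 2)
    try:
        t.commit(crash)
    except CrashMidWrite:
        pass
    return load(disk)
```

Running `one_commit("torn")` recovers the old header (generation 1 for both), `one_commit("after_first")` recovers the new one (generation 2 for both), and only `two_separate_commits()` ever exposes a keyslot and token from different generations. The point for a practitioner is that atomicity of a single header write is not the same as atomicity across several API calls; the latter needs the edits staged together before the one write happens, or an equivalent backup/modify/restore step as the message proposes.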


Thread overview: 5+ messages
2021-04-09 18:46 Schneider, Robert [this message]
2021-04-10 19:27 ` [dm-crypt] Re: Transactional updates for LUKS2 metadata? Milan Broz
2021-04-11 12:09   ` Schneider, Robert
2021-04-20  8:43     ` Ondrej Kozina
2021-04-22  7:00       ` Schneider, Robert
