From: Hualing Yu
Date: Sat, 19 Oct 2019 19:59:00 +0000
To: Milan Broz, "dm-crypt@saout.de"
Subject: Re: [dm-crypt] 10 M Luks2 header size?

Hi Milan,

I just set up my Outlook email text format to HTML. Please let me know if
this is readable to you.

May I ask a couple of additional questions about this so that we know how
to trade off.

1. What can the reencryption do for us? Could you explain very briefly as
   I'm not sure if we need it?
2. We need only one or at most two keyslots but we do want them to be
   scattered as much as needed just as if for the default case, what can we
   do? Use --luks2-keyslots-size=1 M (or whatever size that will give two
   keys enough space to scatter)?
3. What is the metadata size for the default configuration? What's the
   downside of using 16 K?

I thank you very much for your help on this!

Hualing

-----Original Message-----
From: Hualing Yu
Sent: Saturday, October 19, 2019 2:47 PM
To: Milan Broz; dm-crypt@saout.de
Subject: RE: [dm-crypt] 10 M Luks2 header size?

Hi Milan,

Finally I found the right person for this! Thank you very much!!
I will try the way to make a smaller header, but also will share your
suggestion with our team about keeping the default settings. We work on an
embedded system but not a very tiny one. We may be able to survive with the
16 M default header.

The important part is to understand this is correct. I was worried if I
did something wrong 8-)

Again, thank you very much!!

Hualing

-----Original Message-----
From: Milan Broz [mailto:gmazyland@gmail.com]
Sent: Saturday, October 19, 2019 3:08 AM
To: Hualing Yu; dm-crypt@saout.de
Subject: Re: [dm-crypt] 10 M Luks2 header size?

On 18/10/2019 21:24, Hualing Yu wrote:
> Sorry one typo -
> See in red below.
> Thank you very much for the help!

Hi,

Please, could you send your question without using HTML in the mail next
time?

I am usually replying to the HTML emails, but your mail is almost
unreadable in a text mail client.

For the question, I was able to decode:

Yes, the default LUKS2 header size is 16M, it allocates much more area for
a possible online operation later (online reencryption).

But it is configurable, and you can decrease pre-allocated areas, even to
the absolute minimum.
It only applies if 1 keyslot is ok for you and you do not want to use any
extensions in the future, more explanation here
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932437#10

For the generic area description read design doc
https://gitlab.com/cryptsetup/LUKS2-docs

For the generic user, if you can, please do not change the default, 16MB is
today really not a big amount of disk storage.
(With the exceptions of embedded systems.)

Milan

> _____________________________________________
> *From:* Hualing Yu
> *Sent:* Friday, October 18, 2019 3:02 PM
> *To:* 'dm-crypt@saout.de'
> *Subject:* 10 M Luks2 header size?
>
> Hello,
>
> I have a question on Luks2 header size. I created a luks2 partition with
> only one passphrase slot enabled. But it seems to take really 10 M space.
> Here is the luks dump:
>
> sh-4.4# cryptsetup luksDump /dev/mmcblk2gp0p2
> LUKS header information
> Version: 2
> Epoch: 3
> Metadata area: 16384 [bytes]
> Keyslots area: 16744448 [bytes] <<<<<<<<<<<<<<<<<<<<<< why keyslots take so much space?
> UUID: 9037890e-0f2b-4d73-b93b-e2bb53579492
> Label: (no label)
> Subsystem: (no subsystem)
> Flags: (no flags)
> Data segments:
> 0: crypt
> offset: 16777216 [bytes] <<<<<<<<<<<<<<<<<<<<<<< so this means the space available to user data is after keyslots
> length: (whole device)
> cipher: aes-xts-plain64
> sector: 512 [bytes]
>
> I checked on the internet and found all luks2 header dumps show the same
> values for those two commented entries.
> I actually also looked into my device content using the dd command, and see
> indeed the space before 16777216 bytes (10 M) is all scattered, filled with
> something, only after that point, it is all '0'. I zeroed out the entire
> device before doing cryptsetup luksFormat.
> Also checked the mapped device size from /dev/mapper/<mapped dev>, and
> from dev/<device>:
>
> sh-4.4# fdisk -l /dev/mmcblk2gp0p2
> Disk /dev/mmcblk2gp0p2: 392 MB, 411041792 bytes, 802816 sectors
> 12544 cylinders, 4 heads, 16 sectors/track
> Units: sectors of 1 * 512 = 512 bytes
>
> Disk /dev/mmcblk2gp0p2 doesn't contain a valid partition table
> sh-4.4#
> sh-4.4# fdisk -l /dev/mapper/gp0p2
> Disk /dev/mapper/gp0p2: 376 MB, 394264576 bytes, 770048 sectors
> 47 cylinders, 255 heads, 63 sectors/track
> Units: sectors of 1 * 512 = 512 bytes
>
> 411041792 - 394264576 = 16777216 (10M)
>
> Is there anything wrong? Should luks have so much overhead?
> I appreciate it greatly if you could share your thinking on this.
>
> Thank you,
>
> Hualing
>
> _____________________________________________
> *From:* Hualing Yu
> *Sent:* Friday, October 18, 2019 10:22 AM
> *To:* _dm-crypt@saout.de_
> *Subject:* question on LUKS2
>
> Hello,
>
> Is this mailing list still active?
> May I still ask questions here?
>
> Thanks,
>
> Hualing Yu
>
> Firmware Engineering
> Security Products
> Johnson Controls
> 6 Technology Park Drive
> Westford, MA 01886
> USA
> +1 978 577 4171 direct
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> https://www.saout.de/mailman/listinfo/dm-crypt

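
The arithmetic behind the dump in this thread, as an added example that is not part of the original messages: LUKS2 keeps two copies of the metadata area ahead of the keyslots area, so 2 x 16384 + 16744448 gives the 16777216-byte data offset, and subtracting that offset from the device size gives the mapped size fdisk reported. The dump text is re-typed from the thread as a constructed sample; the 64-byte key, 4000 anti-forensic stripes and 4096-byte alignment used for the per-keyslot estimate are assumptions, not values stated in the thread.

```python
import re

# Constructed sample: the byte-valued luksDump fields quoted in the thread.
DUMP = """\
LUKS header information
Version:        2
Epoch:          3
Metadata area:  16384 [bytes]
Keyslots area:  16744448 [bytes]
Data segments:
  0: crypt
        offset: 16777216 [bytes]
        length: (whole device)
        cipher: aes-xts-plain64
        sector: 512 [bytes]
"""

def parse_dump(text):
    """Return every 'name: N [bytes]' field of a luksDump as {name: int}."""
    fields = {}
    for name, value in re.findall(r"^\s*([A-Za-z ]+?):\s+(\d+) \[bytes\]", text, re.M):
        fields[name.lower()] = int(value)
    return fields

def header_layout(fields):
    """Header = two metadata copies (primary + secondary) + keyslots area."""
    header = 2 * fields["metadata area"] + fields["keyslots area"]
    return {"header_bytes": header,
            "matches_offset": header == fields["offset"]}

def usable_bytes(device_bytes, fields):
    """Size of the mapped device: everything after the data offset."""
    if fields["offset"] >= device_bytes:
        raise ValueError("data offset is beyond the end of the device")
    return device_bytes - fields["offset"]

def keyslot_material_bytes(key_bytes, stripes=4000, align=4096):
    """Assumed estimate: AF-split key material for one keyslot, aligned up."""
    raw = key_bytes * stripes
    return -(-raw // align) * align  # ceiling division, then scale back

if __name__ == "__main__":
    f = parse_dump(DUMP)
    print(header_layout(f))                # header size vs. data offset
    print(usable_bytes(411041792, f))      # device size taken from the fdisk output
    print(keyslot_material_bytes(64))      # assumed 512-bit volume key
```
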