From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM05-BY2-obe.outbound.protection.outlook.com (mail-eopbgr710042.outbound.protection.outlook.com [40.107.71.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Sat, 19 Oct 2019 20:47:18 +0200 (CEST) From: Hualing Yu Date: Sat, 19 Oct 2019 18:47:14 +0000 Message-ID: References: In-Reply-To: Content-Language: en-US Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dm-crypt] 10 M Luks2 header size? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Milan Broz , "dm-crypt@saout.de" Hi Milan, Finally I found the right person for this! Thank you very much!! I will try the way to make a smaller header, but also will share your sugge= stion with our team about keeping the default settings. We work on embedde= d system but not very tiny one. We may be able to survive with 16 M defaul= t header. =20 The important part is to understand this is correct. I was worried if I di= d something wrong 8-) Again, thank you very much!! Hualing -----Original Message----- From: Milan Broz [mailto:gmazyland@gmail.com]=20 Sent: Saturday, October 19, 2019 3:08 AM To: Hualing Yu ; dm-crypt@saout.de Subject: Re: [dm-crypt] 10 M Luks2 header size? On 18/10/2019 21:24, Hualing Yu wrote: > Sorry one typo - > See in red below. > Thank you very much for the help! Hi, Please, could you send your question without using HTML in the mail next ti= me? I am usually replaying to the HTML emails, but your mail is almost unreadab= le in a text mail client. For the question, I was able to decode: Yes, the default LUKS2 header size is 16M, it allocates much more area for = a possible online operation later (online reencryption). But it is configurable, and you can decrease pre-allocated areas, even to t= he absolute minimum. It only applies if 1 keyslot is ok for you and you do not want to use any e= xtensions in the future, more explanation here https://nam02.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fbugs.de= bian.org%2Fcgi-bin%2Fbugreport.cgi%3Fbug%3D932437%2310&data=3D02%7C01%7= Chualing.yu%40jci.com%7Cbddc0c78fcb24d90ca1308d754630972%7Ca1f1e2147ded45b6= 81a19e8ae3459641%7C0%7C0%7C637070656655052689&sdata=3DZqInWp0IIFwUT2tG5= HQ1YviL2Bc9UcM1yevFT8bn66w%3D&reserved=3D0 For the generic area description read design doc https://nam02.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgitlab.= com%2Fcryptsetup%2FLUKS2-docs&data=3D02%7C01%7Chualing.yu%40jci.com%7Cb= ddc0c78fcb24d90ca1308d754630972%7Ca1f1e2147ded45b681a19e8ae3459641%7C0%7C0%= 7C637070656655052689&sdata=3Dzv66AtTvvXU6jJHbzRfQkJ2zG5aKENRLuiid41KBp6= I%3D&reserved=3D0 For the generic user, if you can, please do not change the default, 16MB is= today really not a big amount of disk storage. (With the exceptions of embedded systems.) Milan > _____________________________________________ > *From:* Hualing Yu > *Sent:* Friday, October 18, 2019 3:02 PM > *To:* 'dm-crypt@saout.de' > *Subject:* 10 M Luks2 header size? > =A0 > =A0 > Hello, > =A0 > I have a question on Luks2 header size.=A0 I created luck2 partition with= only one passphrase slot enabled.=A0 But it seems to take really 10 M spac= e.=A0 Here is the luks dump: >=20 > sh-4.4# cryptsetup luksDump /dev/mmcblk2gp0p2 LUKS header information > Version: 2 > Epoch: 3 > Metadata area: 16384 [bytes] > Keyslots area: 16744448 [bytes] <<<<<<<<<<<<<<<<<<<<<< why keyslots take = so much space? > UUID: 9037890e-0f2b-4d73-b93b-e2bb53579492 > Label: (no label) > Subsystem: (no subsystem) > Flags: (no flags) > Data segments: > 0: crypt > offset: 16777216 [bytes] <<<<<<<<<<<<<<<<<<<<<<< so this means the=20 > space available to user data is after keylots > length: (whole device) > cipher: aes-xts-plain64 > sector: 512 [bytes] > I check in the internet and found all luks2 header dumps show the same va= lues for those two commented entries. > I actually also looked into my device content using dd command, and see i= ndeed the space before 16777216 bytes (10 M) is all scatted filled with som= ething, only after that point, it is all '0'. I zeroed out entire device be= fore doing cryptsetup luksFormat. > Also checked the mapped device size from /dev/mapper/, and fr= om dev/ : > sh-4.4# fdisk -l /dev/mmcblk2gp0p2 > Disk /dev/mmcblk2gp0p2: 392 MB, 411041792 bytes, 802816 sectors > 12544 cylinders, 4 heads, 16 sectors/track > Units: sectors of 1 * 512 =3D 512 bytes > =A0 > Disk /dev/mmcblk2gp0p2 doesn't contain a valid partition table sh-4.4#=20 > sh-4.4# fdisk -l /dev/mapper/gp0p2 Disk /dev/mapper/gp0p2: 376 MB,=20 > 394264576 bytes, 770048 sectors > 47 cylinders, 255 heads, 63 sectors/track > Units: sectors of 1 * 512 =3D 512 bytes > =A0 > 411041792 - 394264576 =3D 16777216 (10M) > =A0 > Is there anything wrong?=A0 Should luks has so much overhead? > I appreciate it greatly if you could share you thinking on this. > =A0 > Thank you, > =A0 > =A0 > Hualing > =A0 > _____________________________________________ > *From:* Hualing Yu > *Sent:* Friday, October 18, 2019 10:22 AM > *To:* _dm-crypt@saout.de_ > *Subject:* question on LUKS2 > =A0 > =A0 > Hello, > =A0 > Is this mailing list still active? > May I still ask questions here? > =A0 > Thanks, > =A0 > =A0 > Hualing > Yu > =A0 > Firmware Engineering > Security Products > Johnson Controls > 6 Technology Park Drive > Westford, MA 01886 > USA > +1 978 577 4171 direct > =A0 > =A0 > =A0 >=20 > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > https://nam02.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww. > saout.de%2Fmailman%2Flistinfo%2Fdm-crypt&data=3D02%7C01%7Chualing.yu > %40jci.com%7Cbddc0c78fcb24d90ca1308d754630972%7Ca1f1e2147ded45b681a19e > 8ae3459641%7C0%7C0%7C637070656655052689&sdata=3DFXr5jwrKa5oVnlMC0svl > VAk3k55qNL0lUaYkl9NHkvo%3D&reserved=3D0 >=20