Re: [dm-crypt] 10 M Luks2 header size?

[Milan Broz <gmazyland@gmail.com>]

On 18/10/2019 21:24, Hualing Yu wrote:
> Sorry one typo –
> See in red below.
> Thank you very much for the help!

Hi,

Please, could you send your question without using HTML
in the mail next time?

I am usually replaying to the HTML emails, but your mail
is almost unreadable in a text mail client.

For the question, I was able to decode:

Yes, the default LUKS2 header size is 16M, it allocates
much more area for a possible online operation later
(online reencryption).

But it is configurable, and you can decrease pre-allocated areas,
even to the absolute minimum.
It only applies if 1 keyslot is ok for you and you do not want
to use any extensions in the future, more explanation here
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932437#10

For the generic area description read design doc
https://gitlab.com/cryptsetup/LUKS2-docs

For the generic user, if you can, please do not change
the default, 16MB is today really not a big amount of disk storage.
(With the exceptions of embedded systems.)

Milan


> _____________________________________________
> *From:* Hualing Yu
> *Sent:* Friday, October 18, 2019 3:02 PM
> *To:* 'dm-crypt@saout.de' <dm-crypt@saout.de>
> *Subject:* 10 M Luks2 header size?
>  
>  
> Hello,
>  
> I have a question on Luks2 header size.  I created luck2 partition with only one passphrase slot enabled.  But it seems to take really 10 M space.  Here is the luks dump:
> 
> sh-4.4# cryptsetup luksDump /dev/mmcblk2gp0p2
> LUKS header information
> Version: 2
> Epoch: 3
> Metadata area: 16384 [bytes]
> Keyslots area: 16744448 [bytes] <<<<<<<<<<<<<<<<<<<<<< why keyslots take so much space?
> UUID: 9037890e-0f2b-4d73-b93b-e2bb53579492
> Label: (no label)
> Subsystem: (no subsystem)
> Flags: (no flags)
> Data segments:
> 0: crypt
> offset: 16777216 [bytes] <<<<<<<<<<<<<<<<<<<<<<< so this means the space available to user data is after keylots
> length: (whole device)
> cipher: aes-xts-plain64
> sector: 512 [bytes]
> I check in the internet and found all luks2 header dumps show the same values for those two commented entries.
> I actually also looked into my device content using dd command, and see indeed the space before 16777216 bytes (10 M) is all scatted filled with something, only after that point, it is all '0'. I zeroed out entire device before doing cryptsetup luksFormat.
> Also checked the mapped device size from /dev/mapper/<mapped dev>, and from dev/<device> :
> sh-4.4# fdisk -l /dev/mmcblk2gp0p2
> Disk /dev/mmcblk2gp0p2: 392 MB, 411041792 bytes, 802816 sectors
> 12544 cylinders, 4 heads, 16 sectors/track
> Units: sectors of 1 * 512 = 512 bytes
>  
> Disk /dev/mmcblk2gp0p2 doesn't contain a valid partition table
> sh-4.4#
> sh-4.4# fdisk -l /dev/mapper/gp0p2
> Disk /dev/mapper/gp0p2: 376 MB, 394264576 bytes, 770048 sectors
> 47 cylinders, 255 heads, 63 sectors/track
> Units: sectors of 1 * 512 = 512 bytes
>  
> 411041792 – 394264576 = 16777216 (10M)
>  
> Is there anything wrong?  Should luks has so much overhead?
> I appreciate it greatly if you could share you thinking on this.
>  
> Thank you,
>  
>  
> Hualing
>  
> _____________________________________________
> *From:* Hualing Yu
> *Sent:* Friday, October 18, 2019 10:22 AM
> *To:* _dm-crypt@saout.de_ <mailto:dm-crypt@saout.de>
> *Subject:* question on LUKS2
>  
>  
> Hello,
>  
> Is this mailing list still active?
> May I still ask questions here?
>  
> Thanks,
>  
>  
> Hualing
> Yu
>  
> Firmware Engineering
> Security Products
> Johnson Controls
> 6 Technology Park Drive
> Westford, MA 01886
> USA
> +1 978 577 4171 direct
>  
>  
>  
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> https://www.saout.de/mailman/listinfo/dm-crypt
>