From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail-wm1-x330.google.com (mail-wm1-x330.google.com
 [IPv6:2a00:1450:4864:20::330])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Sat, 19 Oct 2019 09:07:43 +0200 (CEST)
Received: by mail-wm1-x330.google.com with SMTP id p7so8240534wmp.4
 for <dm-crypt@saout.de>; Sat, 19 Oct 2019 00:07:43 -0700 (PDT)
References: <CH2P132MB0187421E3EE93C734348DBB0876C0@CH2P132MB0187.NAMP132.PROD.OUTLOOK.COM>
From: Milan Broz <gmazyland@gmail.com>
Message-ID: <de8cd1bc-46ee-90f5-21bf-5d1e92a17de1@gmail.com>
Date: Sat, 19 Oct 2019 09:07:39 +0200
MIME-Version: 1.0
In-Reply-To: <CH2P132MB0187421E3EE93C734348DBB0876C0@CH2P132MB0187.NAMP132.PROD.OUTLOOK.COM>
Content-Type: text/plain; charset="windows-1252"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Subject: Re: [dm-crypt] 10 M Luks2 header size?
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <https://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <https://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <https://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Hualing Yu <hualing.yu@jci.com>, "dm-crypt@saout.de" <dm-crypt@saout.de>

On 18/10/2019 21:24, Hualing Yu wrote:
> Sorry one typo =96
> See in red below.
> Thank you very much for the help!

Hi,

Please, could you send your question without using HTML
in the mail next time?

I am usually replaying to the HTML emails, but your mail
is almost unreadable in a text mail client.

For the question, I was able to decode:

Yes, the default LUKS2 header size is 16M, it allocates
much more area for a possible online operation later
(online reencryption).

But it is configurable, and you can decrease pre-allocated areas,
even to the absolute minimum.
It only applies if 1 keyslot is ok for you and you do not want
to use any extensions in the future, more explanation here
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D932437#10

For the generic area description read design doc
https://gitlab.com/cryptsetup/LUKS2-docs

For the generic user, if you can, please do not change
the default, 16MB is today really not a big amount of disk storage.
(With the exceptions of embedded systems.)

Milan


> _____________________________________________
> *From:* Hualing Yu
> *Sent:* Friday, October 18, 2019 3:02 PM
> *To:* 'dm-crypt@saout.de' <dm-crypt@saout.de>
> *Subject:* 10 M Luks2 header size?
> =A0
> =A0
> Hello,
> =A0
> I have a question on Luks2 header size.=A0 I created luck2 partition with=
 only one passphrase slot enabled.=A0 But it seems to take really 10 M spac=
e.=A0 Here is the luks dump:
>=20
> sh-4.4# cryptsetup luksDump /dev/mmcblk2gp0p2
> LUKS header information
> Version: 2
> Epoch: 3
> Metadata area: 16384 [bytes]
> Keyslots area: 16744448 [bytes] <<<<<<<<<<<<<<<<<<<<<< why keyslots take =
so much space?
> UUID: 9037890e-0f2b-4d73-b93b-e2bb53579492
> Label: (no label)
> Subsystem: (no subsystem)
> Flags: (no flags)
> Data segments:
> 0: crypt
> offset: 16777216 [bytes] <<<<<<<<<<<<<<<<<<<<<<< so this means the space =
available to user data is after keylots
> length: (whole device)
> cipher: aes-xts-plain64
> sector: 512 [bytes]
> I check in the internet and found all luks2 header dumps show the same va=
lues for those two commented entries.
> I actually also looked into my device content using dd command, and see i=
ndeed the space before 16777216 bytes (10 M) is all scatted filled with som=
ething, only after that point, it is all '0'. I zeroed out entire device be=
fore doing cryptsetup luksFormat.
> Also checked the mapped device size from /dev/mapper/<mapped dev>, and fr=
om dev/<device> :
> sh-4.4# fdisk -l /dev/mmcblk2gp0p2
> Disk /dev/mmcblk2gp0p2: 392 MB, 411041792 bytes, 802816 sectors
> 12544 cylinders, 4 heads, 16 sectors/track
> Units: sectors of 1 * 512 =3D 512 bytes
> =A0
> Disk /dev/mmcblk2gp0p2 doesn't contain a valid partition table
> sh-4.4#
> sh-4.4# fdisk -l /dev/mapper/gp0p2
> Disk /dev/mapper/gp0p2: 376 MB, 394264576 bytes, 770048 sectors
> 47 cylinders, 255 heads, 63 sectors/track
> Units: sectors of 1 * 512 =3D 512 bytes
> =A0
> 411041792 =96 394264576 =3D 16777216 (10M)
> =A0
> Is there anything wrong?=A0 Should luks has so much overhead?
> I appreciate it greatly if you could share you thinking on this.
> =A0
> Thank you,
> =A0
> =A0
> Hualing
> =A0
> _____________________________________________
> *From:* Hualing Yu
> *Sent:* Friday, October 18, 2019 10:22 AM
> *To:* _dm-crypt@saout.de_ <mailto:dm-crypt@saout.de>
> *Subject:* question on LUKS2
> =A0
> =A0
> Hello,
> =A0
> Is this mailing list still active?
> May I still ask questions here?
> =A0
> Thanks,
> =A0
> =A0
> Hualing
> Yu
> =A0
> Firmware Engineering
> Security Products
> Johnson Controls
> 6 Technology Park Drive
> Westford, MA 01886
> USA
> +1 978 577 4171 direct
> =A0
> =A0
> =A0
>=20
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> https://www.saout.de/mailman/listinfo/dm-crypt
>=20