From: Milan Broz
To: Hualing Yu, dm-crypt@saout.de
Date: Sun, 20 Oct 2019 12:07:34 +0200
Message-ID: <4eea62ab-e121-d069-9be2-048b09cf301e@gmail.com>
Subject: Re: [dm-crypt] 10 M Luks2 header size?

Hi,

this information should later be in the FAQ, so I will try to explain it here.
Anyway, stay with the defaults if you can.

On 19/10/2019 21:59, Hualing Yu wrote:
>
> May I ask a couple of additional questions about this so that we know how to trade off.
>
> 1. What can the reencryption do for us? Could you explain very
> briefly as I'm not sure if we need it?

In principle it can perform changes that require a full-device rewrite (change of the volume key).
See man cryptsetup-reencrypt - just for LUKS2 it is more reliable and mainly online (you can use the device while it is in the reencryption process).

See slides from Ondra
https://okozina.fedorapeople.org/online-disk-reencryption-with-luks2-compact.pdf

There should also be some online demos:
Reencryption demo: https://asciinema.org/a/268573
Encryption demo: https://asciinema.org/a/268574

For this we require some reserved area for storing temporary encryption data.

> 2. We need only one or at most two keyslots but we do want them
> to be scattered as much as needed just as if for the default case,
> what can we do? Use --luks2-keyslots-size=1 M (or whatever size that
> will give two keys enough space to scatter)?

There are two areas (see LUKS2 docs) - the JSON area for metadata and the binary area.

The JSON area has a small binary header, then the JSON data (it is 16k currently, stored twice).

For the binary area, it depends what you need; the exact size depends on the stored key size (here the binary keyslot data are stored, exactly the same as in LUKS1).

I would expect you are using the current default for disk encryption, AES256-XTS.
Then you need to store a 512bit (2x256bit) key in each binary keyslot.
With the LUKS AF filter and 4k alignment it should be 256KiB of binary data per keyslot.

So for 1M and a 512bit key it allows 4 LUKS keyslots here.

> 3. What is the size of the metadata for the default configuration?
> What's the downside of using 16 K?

The whole LUKS2 default header takes 16MiB.

For the JSON area it is 16k, stored twice (we will increase it later, this is for compatibility reasons);
for the binary area it is "16M - 2x16k" (16M minus the JSON areas).

There are only several possible sizes of the JSON area you can use (see LUKS2 docs);
the binary area is basically arbitrary with a maximum of 128M, and it must be aligned to 4k sectors.

The JSON areas allow storing user token metadata, so if you do not need it, there is no need to enlarge them.

Thanks,
Milan
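As an added example (not from the mail and not cryptsetup's own code), the header sizing arithmetic from the reply above in Python; the 4000-stripe AF default and the list of permitted metadata-area sizes are assumptions taken from the cryptsetup documentation, not from the message:

```python
"""Sizing a LUKS2 header from the figures in the mail above.

Added illustration, not cryptsetup code.  Assumed beyond the mail: the LUKS
anti-forensic (AF) splitter uses 4000 stripes (the LUKS default), and the
permitted metadata-area sizes are those the cryptsetup man page lists for
--luks2-metadata-size.
"""
KIB = 1024
MIB = 1024 * KIB
ALIGN_4K = 4 * KIB                 # binary area is aligned to 4k sectors
AF_STRIPES = 4000                  # LUKS AF default; assumed, not in the mail
MAX_KEYSLOTS_AREA = 128 * MIB      # maximum binary area given in the mail
DEFAULT_HEADER = 16 * MIB          # whole default LUKS2 header
# One metadata area (small binary header + JSON); LUKS2 stores it twice.
METADATA_SIZES = {s * KIB for s in (16, 32, 64, 128, 256, 512, 1024, 2048, 4096)}


def align_up(n, a):
    return (n + a - 1) // a * a


def keyslot_area_bytes(key_bits):
    """Binary space one keyslot needs: AF-split key material, 4k aligned.
    For a 512-bit AES-256-XTS key this is 258048 bytes, the ~256 KiB of the mail."""
    return align_up(key_bits // 8 * AF_STRIPES, ALIGN_4K)


def keyslots_that_fit(keyslots_area_bytes, key_bits):
    return keyslots_area_bytes // keyslot_area_bytes(key_bits)


def header_layout(metadata_bytes=16 * KIB, keyslots_area_bytes=None, key_bits=512):
    """What a --luks2-metadata-size / --luks2-keyslots-size choice implies."""
    if metadata_bytes not in METADATA_SIZES:
        raise ValueError("metadata area must be one of the documented sizes")
    if keyslots_area_bytes is None:  # default: 16 MiB total minus both JSON areas
        keyslots_area_bytes = DEFAULT_HEADER - 2 * metadata_bytes
    if keyslots_area_bytes % ALIGN_4K or keyslots_area_bytes > MAX_KEYSLOTS_AREA:
        raise ValueError("keyslots area must be 4k aligned and at most 128 MiB")
    return {
        "metadata_bytes": 2 * metadata_bytes,  # two copies on disk
        "keyslots_area_bytes": keyslots_area_bytes,
        "header_bytes": 2 * metadata_bytes + keyslots_area_bytes,
        "per_keyslot_bytes": keyslot_area_bytes(key_bits),
        "keyslots_that_fit": keyslots_that_fit(keyslots_area_bytes, key_bits),
    }


if __name__ == "__main__":
    print("default:", header_layout())                               # 16 MiB header
    print("1 M keyslots:", header_layout(keyslots_area_bytes=1 * MIB))  # 4 keyslots fit
```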