From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com
 [IPv6:2a00:1450:4864:20::329])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Tue, 29 Oct 2019 14:07:46 +0100 (CET)
Received: by mail-wm1-x329.google.com with SMTP id g7so2494497wmk.4
 for <dm-crypt@saout.de>; Tue, 29 Oct 2019 06:07:45 -0700 (PDT)
References: <CH2P132MB0187421E3EE93C734348DBB0876C0@CH2P132MB0187.NAMP132.PROD.OUTLOOK.COM>
 <de8cd1bc-46ee-90f5-21bf-5d1e92a17de1@gmail.com>
 <CH2P132MB0187AD2264194C730E03C7B8876F0@CH2P132MB0187.NAMP132.PROD.OUTLOOK.COM>
 <CH2P132MB0187355415BBA6FAA578C79A876F0@CH2P132MB0187.NAMP132.PROD.OUTLOOK.COM>
 <4eea62ab-e121-d069-9be2-048b09cf301e@gmail.com>
 <CH2P132MB0187F6574C7736A42B09AFFA87690@CH2P132MB0187.NAMP132.PROD.OUTLOOK.COM>
 <CH2P132MB01877105D585DC5F093FE30787670@CH2P132MB0187.NAMP132.PROD.OUTLOOK.COM>
 <a415dc42-dbc9-9b7e-6501-b4b5ed4da606@gmail.com>
 <CH2P132MB0187418DB7BD6C9DF85EC5C587660@CH2P132MB0187.NAMP132.PROD.OUTLOOK.COM>
From: Milan Broz <gmazyland@gmail.com>
Message-ID: <4fd9084a-e78d-6c16-edb7-2dec936023dc@gmail.com>
Date: Tue, 29 Oct 2019 14:07:43 +0100
MIME-Version: 1.0
In-Reply-To: <CH2P132MB0187418DB7BD6C9DF85EC5C587660@CH2P132MB0187.NAMP132.PROD.OUTLOOK.COM>
Content-Type: text/plain; charset="windows-1252"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Subject: Re: [dm-crypt] 10 M Luks2 header size?
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <https://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <https://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <https://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Hualing Yu <hualing.yu@jci.com>, "dm-crypt@saout.de" <dm-crypt@saout.de>

On 28/10/2019 14:50, Hualing Yu wrote:
> I am sorry that I cannot resist asking more questions as your answer
> indicate more opportunities 8-)  If they are very simple to you to
> answer, thank you for just drop a few lines; if not, you can simply
> ignore.
>=20
> 1.      You said =93=85if you have no extra user JSON data stored there=
=94.
> Can we use that area to store additional user data?  How?

You can create custom token type and import directly JSON through cryptsetup
token import command. There is just mandatory type object, otherwise it can=
 be
arbitrary valid JSON.

(I plan to write some article about it but I promised this months ago ... :=
-)
=20
> 2.      To check if a LUKS is in good condition, can we just use
> isLuks command?  Does this cmd trigger some internal sanitary
> checking?

Hm, in theory yes (it calls functions that will do autorecovery),
so side effect is that it validates JSON areas.

But note that any LUKS load will recover invalid JSON area if there
is one area valid (it requires access to cryptsetup locks directory and
of course write access rights to the image/device).

IOW it should "autorepair". If not possible, commands starts to fail
as there is no LUKS2 header.

Milan