From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <arno@wagner.name>
Received: from v1.tansi.org (mail.tansi.org [84.19.178.47])
 by mail.server123.net (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Tue, 12 May 2020 16:28:28 +0200 (CEST)
Received: from gatewagner.dyndns.org (81-6-44-245.init7.net [81.6.44.245])
 by v1.tansi.org (Postfix) with ESMTPA id 398DD14016F
 for <dm-crypt@saout.de>; Tue, 12 May 2020 16:28:27 +0200 (CEST)
Date: Tue, 12 May 2020 16:28:27 +0200
From: Arno Wagner <arno@wagner.name>
Message-ID: <20200512142827.GA25380@tansi.org>
References: <FZAvYixae2HegYxvSP6meNis1FzQ5yvTT4TOPOeE7xEAbECPaFNztIWX8Q9yRWsD67bThFV1CF3Q6wQchS7FPFjLmO1x6hRVy_gQ3lx3bd8=@fomin.one>
 <d9467f05-1e69-4f26-950e-4832a43e1bad@gmail.com>
 <144c987674b937a9fdd96f69d8e88743fbce1a42.camel@yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <144c987674b937a9fdd96f69d8e88743fbce1a42.camel@yahoo.com>
Subject: Re: [dm-crypt] FAQ  :WAS: LUKS2 on disk format
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <https://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <https://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <https://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

Hi JT,

thanks I had already planned to add this one.

Regards,
Arno

On Tue, May 12, 2020 at 01:15:27 CEST, JT wrote:
> I had a similar question on my list.  This would be a good one for the
> revised FAQ.
> 
> Q:  What is the size of the LUKS2 header?
> A:  the LUKS header size is configurable.  16MB is the default size. 
> It can be changed by .....
> 
> Q: Does all metadata exist in the header?  Can I be sure that there is
> no LUKS metadata somewhere in the middle or in the end of the drive?  
> A: Yes, all LUKS metadata is stored in the LUKS heaer.  (Most of the
> area is reserved for keyslots, used in online reencryption.)
> 
> There is a small exception if you use experimental integrity protection
> (authenticated encryption) where dm-crypt is stacked over dm-integrity
> device.  In that case there is a dm-integrity superblock at the
> beginning of data area which contains only configuration of dm-integrity metadata.  No LUKS metadata is stored in this location. The superblock is required by the kernel dm-integrity implementation.
> 
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> https://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier