Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configurable sector size for crypt device? #101

Open
saz opened this issue Jul 26, 2024 · 1 comment
Open

Configurable sector size for crypt device? #101

saz opened this issue Jul 26, 2024 · 1 comment

Comments

@saz
Copy link

saz commented Jul 26, 2024

I'm running into an issue with some NVMe devices with a logical block size of 512 bytes and a physical block size of 4096 bytes.

Since cryptsetup 2.4.0 luksFormat will automatically detect the optimal encryption sector size. For me, this will result in a 4096 bytes sector size, which would be fine, but I'm trying to use the server as a host for virtual machines, which must use 512 bytes (see ganeti/instance-debootstrap#2 for some more details).

root@gnt16 ~ # fdisk -l /dev/mapper/luks-9ea56481-0008-45bf-bc2d-10db97a768b9
Disk /dev/mapper/luks-9ea56481-0008-45bf-bc2d-10db97a768b9: 3.49 TiB, 3839528075264 bytes, 937384784 sectors
Units: sectors of 1 * 4096 = 4096 bytes
Sector size (logical/physical): 4096 bytes / 4096 bytes
I/O size (minimum/optimal): 131072 bytes / 131072 bytes
root@gnt16 ~ #

root@gnt16 ~ # nvme id-ns -H /dev/nvme0n1 | grep "Relative Performance"
LBA Format  0 : Metadata Size: 0   bytes - Data Size: 512 bytes - Relative Performance: 0 Best (in use)
LBA Format  1 : Metadata Size: 0   bytes - Data Size: 4096 bytes - Relative Performance: 0 Best
root@gnt16 ~ #

Setting the encryption sector size with --sector-size=512 passed to cryptsetup, will set the logical block size to 512 bytes

root@gnt14 ~ # fdisk -l /dev/mapper/luks-9ea56481-0008-45bf-bc2d-10db97a768b9
Disk /dev/mapper/luks-9ea56481-0008-45bf-bc2d-10db97a768b9: 3.49 TiB, 3839528075264 bytes, 7499078272 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
root@gnt14 ~ #

It's also possible to change the sector size by running cryptsetup reencrypt --sector-size=512 /dev/md1 without data being lost. After a reboot, such a device looks like this

root@gnt14 ~ # fdisk -l /dev/mapper/luks-a1e27b11-c9ec-4b37-85ef-f332c31d191f
Disk /dev/mapper/luks-a1e27b11-c9ec-4b37-85ef-f332c31d191f: 3.49 TiB, 3839528075264 bytes, 7499078272 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
root@gnt14 ~ #

I'm happy to send in a PR, which adds a new config option to make this configurable, to avoid running cryptsetup reencrypt as this might take a lot of time.
@bastelfreak
Copy link
Contributor

@saz hi!
I'm afraid I cannot help you here anymore, but glad to see you here as well!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bastelfreak @saz