On 02/06/2010 12:48 AM, mark wrote: > For a while I've been using LUKS/dm-crypt with LVM2 to secure hard > drives in laptops and servers. Recently I've moved one of my filesystems > onto a solid-state drive (Intel X25-M-G2 80GB with latest firmware). > > There are some excellent instructions here > http://thunk.org/tytso/blog/2009/02/20/aligning-filesystems-to-an-ssds-erase-block-size/ Beware - that page is completely obsolete regarding lvm2 now! Recent version have much more better support for data alignment (with new kernels it should be automatic) > on how to align ext4 and LVM to the erase block size of the SSD. However > I've not been able to find a recipe for optimising an encrypted > filesystem in the same way. > > A typical usage case for me would be this, from following defaults for > encrypted lvm on the Debian installer: > > /dev/sda1 79GB crypt-luks > /dev/mapper/sda1_crypt holds PV for LVM2 > PV has a VG with two LVs, 4GB swap and the rest for ext4 / > /dev/sda5 256MB ext2 /boot > > Could anyone explain how I might go about aligning/optimising this, or > point me to some instructions? Am I better putting lvm over luks or luks > over lvm? Or something entirely different? Just in short: (cryptsetup will get support for automatic alignment according to kernel exported device parameters soon, so all this will be automatic) - the underlying device must be aligned (if using partitions, be sure you have start of partition aligned, better use "fdisk -u" to calculate in sectors. If not sure, align to 1M or even 4M offset, this will always fit:-) (fdisk from latest util-linux-ng should support automatic alignment) - be sure that lvm2 PV metadata (data start) is always aligned (see pvcreate --dataalignment parameter) (latest lvm2 already have support for automatic data alignment if kernel exports proper alignment data) - for cryptetup/LUKS - use "--align-payload" parameter (default is alignment to 4k boundary, not enough for SSD). Note that parameter is in 512 bytes sectors! e.g. you want to align to 4MB boundary ( = 8192 * 512 bytes), use cryptsetup luksFormat --align-payload=8192 ... verify with cryptsetup luksDump (see Payload offset) (I usually set lvm2 extent size to 4MB and aling LUKS the same, so the LUKS header takes exactly one extent.) - and finally, you should optimize FS above that device stack (From the kernel point of view, there is no difference if you put lvm2 over LUKS or vice versa - both should work the same. Just configuration is different, I have some old slides describing activation of volumes here http://mbroz.fedorapeople.org/talks/LinuxAlt2008-eng/ ) Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
