Re: Why is it necessary to "wipe" an authenticated luks2 device when creating it?


On 9/26/19 2:41 AM, Milan Broz wrote:
On 25/09/2019 21:40, .. ink .. wrote:
I just added an ability to create an authenticated luks2 device in
zuluCrypt[1] and I am wondering why these volumes need to be wiped when
created. I made it work by looking at how cryptsetup does it but I don't
understand why because I have so far failed to find any documentation
about it.

I think it is explained in the referenced paper, we should add a FAQ about it.

Initial wipe recalculates integrity tags - so you can read the device afterward.

If you skip initialization (wipe), integrity tags for all sectors are incorrect
and read will return integrity failure (EILSEQ errno).

In theory, it is not a problem ("do not read what you did not write").

But in reality it causes many programs to fail because they can access the device
through page cache. If the *write* is not aligned to a page, page cache tries
to first read content, then update content, and write it back to the device.

But as said above, all reads fail because integrity tags are not initialized,
thus even page-unaligned writes can fail.
(I have seen this problem even in programs like mkfs, where it is an apparent bug.)

So, LUKS2 is incompatible with LVM thin provisioning or other sparse storage
formats like QCOW2. Good to know.

--
Bob Nichols     "NOSPAM" is really part of my email address.
                Do NOT delete it.

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt
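
Added example (not part of the original thread, and not code from cryptsetup or the kernel): a toy Python model of the behaviour described in the quoted reply, where a page-unaligned buffered write on an unwiped device fails with EILSEQ because the page must be read first. The class and function names, the 512/4096 sizes and the HMAC tag scheme are assumptions for illustration only.

```python
import errno, hashlib, hmac

SECTOR, PAGE, TAG_LEN = 512, 4096, 32
PER_PAGE = PAGE // SECTOR

class IntegrityDevice:
    """Toy authenticated device: every sector has a stored integrity tag."""
    def __init__(self, sectors, key):
        self.key = key
        self.data = bytearray(sectors * SECTOR)
        # Constructed initial state: tags were never computed for the content.
        self.tags = [bytes(TAG_LEN)] * sectors

    def _tag(self, n, payload):
        msg = n.to_bytes(8, "little") + payload
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def write_sector(self, n, payload):
        self.data[n * SECTOR:(n + 1) * SECTOR] = payload
        self.tags[n] = self._tag(n, payload)   # a write always produces a valid tag

    def read_sector(self, n):
        payload = bytes(self.data[n * SECTOR:(n + 1) * SECTOR])
        if not hmac.compare_digest(self.tags[n], self._tag(n, payload)):
            raise OSError(errno.EILSEQ, "integrity tag mismatch")
        return payload

    def wipe(self):
        # The initial wipe: writing every sector once makes every tag valid.
        for n in range(len(self.tags)):
            self.write_sector(n, bytes(SECTOR))

def buffered_write(dev, offset, buf):
    """Page-cache style write: a partially covered page is read, patched, written back."""
    end = offset + len(buf)
    for page in range(offset // PAGE, (end - 1) // PAGE + 1):
        start = page * PAGE
        lo, hi = max(offset, start), min(end, start + PAGE)
        sectors = range(page * PER_PAGE, (page + 1) * PER_PAGE)
        if hi - lo == PAGE:      # whole page overwritten: no read needed
            content = bytearray(buf[lo - offset:hi - offset])
        else:                    # partial page: read-modify-write
            content = bytearray(b"".join(dev.read_sector(n) for n in sectors))
            content[lo - start:hi - start] = buf[lo - offset:hi - offset]
        for i, n in enumerate(sectors):
            dev.write_sector(n, bytes(content[i * SECTOR:(i + 1) * SECTOR]))

def try_write(dev, offset, buf):  # returns 0, or the errno the caller would see
    try:
        buffered_write(dev, offset, buf)
        return 0
    except OSError as e:
        return e.errno
```

In this model a full-page write succeeds on the unwiped device, a 5-byte write at an unaligned offset returns EILSEQ, and the same write succeeds after wipe().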


