On 11/05/2020 21:07, Maksim Fomin wrote: > After reading LUKS2 on-disk format specification, I have one main > question - does LUKS2 data resides entirely on header, which occupies > first 16 mib (at most) of block device? Yes, all LUKS metadata are stored in th eLUKS heaer. But the LUKS header size is configurable (it is not fixed to 16MB, 16MB is just the default size) (And most of the area is reserved for keyslots, used in online reencryption.) > Is is safe to assume that > there is no LUKS metadata somewhere in the middle or in the end of > the drive? Yes. There is small exception if you use experimental integrity protection (authenticated encryption) where dm-crypt is stacked over dm-integrity device. Then there is dm-integrity superblock in the beginning of data area. (But this superblovk contains only configuration of dm-integrity metadata; no LUKS metadata are stored there. This superblock is required by the kernel dm-integrity implementation.) Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
