On 09/04/2021 20:46, Schneider, Robert wrote: > Hi, > > Is there a way to get transactions over multiple metadata operations when using libcryptsetup? > > Imagine I have some mechanism for unlocking which requires information from a token associated to a keyslot. Now I'd like to update that information in the token together with the keyslot. > But if the machine reboots in between the API calls, I believe my unlock mechanism would be broken - for example, when I've updated the keyslot but still have the old token. > > I could not find an operation to update a token atomically, nor any transaction operations (like open transaction, commit) in the API. I've had a quick glance at the source code and it looks to me like the header is updated in memory and finally written to disk with replica, using a sequence number. This suggests to me that transactions should be relatively easy to implement. However I don't see the full picture of course, so I'd like to know your opinion. > > As an alternative to transactions within the libcryptsetup API, it looks like it's possible to perform a header backup, then manipulate the detached (backup) header, and finally restore the header - as long as the volume key is not changed. Do you think that's a reasonable alternative, or are there potential pitfalls here? LUKS2 header is not database and never will be. Implementing transactions smells like overengineering here. For "complex" operations you can recover after failure by removing token metadata and recreate them, it is expected that you still have a backup keyslot or volume key (or header backup). And yes, you can modify backup header externally and then update it. But then the recovery can fail with a partial write or a media failure, so you will end in the same situation you tried to avoid. Milan _______________________________________________ dm-crypt mailing list -- dm-crypt@xxxxxxxx To unsubscribe send an email to dm-crypt-leave@xxxxxxxx
