Re: [dm-crypt] dm-integrity standalone - lack of metadata

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 24 June 2018 13:01:06 CEST, Milan Broz <gmazyland@xxxxxxxxx> wrote:
>(added cc to dm-devel annd Mikulas)

>On 06/24/2018 11:53 AM, Harald Braumann wrote:
>> However, the superblock lacks some crucial information:

>yes, I agree. The reason is that dm-integrity was in the first
>place designed for authenticated encryption (to store auth tags).
>Then additional metadata ia stored in LUKS2 header.
I understand.

>For the rest I just I have not enough energy (and real-world use cases)
>to convince Mikulas that we need attributes below in superblock (as the
>dm-integrity
>code is written mostly by him).
>At least for the algorithm I mention this idea several times ;-)
OK, good. I was just afraid that there might be some technical reason and this was out of the question.

>> integritysetup format /dev/sdb2 -v --integrity crc32c --sector-size
>> 4096
>> => 39.6 MiB/s
>>
>> Format with --no-wipe, open the target and use dd:
>> dd if=/dev/zero of=/dev/mapper/int bs=1M
>> => 63 MiB/s
>> 
>> Same as above, but opening without journal (which really isn't
>> required for that step, even if the final target should be journaled):
>> => 135 MiB/s

>Internal wipe also uses activation without journal, it is slow probably
>because we use direct-io (can you add oflag=direct to your dd command?
>Is it the same speed as integritysetup wipe?)
Sorry, I haven't gotten around to it, yet. 

>> /etc/udev/rules.d/70-dm-integrity.rules:
>> 
>> ACTION!="add", GOTO="dm_integrity_end"
>> SUBSYSTEM!="block", GOTO="dm_integrity_end"
>> ENV{ID_FS_TYPE}!="DM_integrity", GOTO="dm_integrity_end"
>> 
>> RUN+="/sbin/integritysetup open $devnode $kernel-integrity
>--integrity crc32c --integrity-no-journal"
>> 
>> LABEL="dm_integrity_end"

>This is not the best way - integritysetup itself need udev
>synchronization, so it will
>race here with udev.
Could you elaborate on that? How does it need udev and could I add anything to the rules to ensure proper synchronization?

>I think we need similar system like /etc/crypttab (or extend crypttab
>of integrity targets).
Thats what I wanted to avoid. I would like it to work like LVM where volumes can be set up automatically with just metadata stored on the device itself.

Best regards
harry

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel



[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux