https://fedoraproject.org/wiki/Changes/LUKSEncryptionSectorSize == Summary == Autodetect optimal encryption sector size during Fedora installation with LUKS/dm-crypt encryption. On devices with 4k (physical) sector size, this will make sure we use 4096 sector size which is optimal for these devices. == Owner == * Name: [[User:okozina|Ondrej Kozina]], [[User:vtrefny|Vojtech Trefny]] * Email: okozina AT redhat.com, vtrefny AT redhat.com == Detailed Description == Anaconda installer (or to be more precise, the libraries Anaconda uses for storage configuration) currently sets sector size for LUKS devices to 512 regardless the of actual physical sector size of the underlying disk device. The latest cryptsetup release added an option to let cryptsetup automatically detect the optimal sector size based on the (physical) sector size of the backing device. By using this new option we can make sure that Anaconda uses the optimal sector size for newly created LUKS devices during installation. This means we will use sector size of 4096 for devices with 4k physical sector size increasing IO performance with these devices. == Scope == * Proposal owners: Changes for both cryptsetup and libblockdev (low-level storage library used by Anaconda) are already merged ([https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/135 cryptsetup]) or submitted ([https://github.com/storaged-project/libblockdev/pull/638 libblockdev]) upstream. We only need to package new versions of these two projects for Fedora 35. No changes will be needed in Anaconda. * Other developers: No work from other developers is needed. * Release engineering: * Policies and guidelines: N/A (not needed for this Change) * Trademark approval: N/A (not needed for this Change) * Alignment with Objectives: == Upgrade/compatibility impact == Upgraded systems will not be affected by this change, this affects only new LUKS containers created during Fedora installation. Support for specifying custom sector size is one of the features available in LUKS2 ([[Changes/SwitchCryptsetupDefaultToLUKS2|default since Fedora 30]]), no additional changes or special support is needed when working with LUKS2 devices with sector sizes different than 512. == How To Test == Disk with 4k physical sectors is required for testing this change. You can check block size of your drive using `blockdev` from `util-linux` package: # blockdev --getpbsz /dev/nvme0n1 4096 This can be also tested in a virtual machine. You can configure any disk to appear as 4k block size disk in libvirt by adding the following option to the disk XML specification: <blockio logical_block_size="4096" physical_block_size="4096"/> Install Fedora with disk encryption enabled. Using automatic partition with '''Encrypt my data''' enabled is enough for testing. In the installed system use `cryptsetup luksDump /dev/<device>` to check that correct sector size was selected for your device (4096 for disks with 4096 physical sector size): # cryptsetup luksDump /dev/nvme0n1p1 LUKS header information Version: 2 ... Data segments: 0: crypt offset: 16777216 [bytes] length: (whole device) cipher: aes-xts-plain64 '''sector: 4096 [bytes]''' == User Experience == Fedora users shouldn't notice the change, other than a small IO performance boost (IO testing on a 4k sectors NVMe shows around 2-3 % gain when using 4k sectors instead of 512 sectors). == Dependencies == None. == Contingency Plan == * Contingency mechanism: Keep existing behaviour (512 sector size for all devices) * Contingency deadline: Beta Freeze * Blocks release? No -- Ben Cotton He / Him / His Fedora Program Manager Red Hat TZ=America/Indiana/Indianapolis _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
