Antw: [EXT] Re: Authenticated Boot: dm-integrity modes

["Ulrich Windl" <Ulrich.Windl@xxxxxxxxxxxxxxxxxxxx>]

>>> Wol <antlists@xxxxxxxxxxxxxxx> schrieb am 28.11.2021 um 21:56 in Nachricht
<ca93b57c-d6a5-2914-05de-a11ac96c75e0@xxxxxxxxxxxxxxx>:
> On 28/11/2021 19:56, Adrian Vovk wrote:
>> - Journal mode: is slow. It atomically writes data+hash, so the 
>> situation I describe above can never happen. However, to pull this off 
>> it writes the data twice. Effectively every layer of journaled 
>> dm-integrity will cut write speeds in half. This isn't too bad to 
>> protect the rootfs since writes there will be rare, but it is terrible 
>> for /home. Layering systemd-homed's LUKS+dm-integrity image on top of 
>> that will cut performance in half again. So with the whole setup 
>> proposed by the blog post (even with dm-verity) writes to home will be 
>> limited to 1/4 of the drive's performance and the data will be written 
>> four times over. On top of performance issues, won't writing the data 4x 
>> wear out SSDs faster? Am I missing something?
> 
> Why can't you just enable journalling in systemd-homed, so we have 
> LUKS+dm-integrity-journalling?
> 
> If the user needs to separate / and /home, isn't that just sensible design?
> 
> As for SSDs, the latest ones, as far as I can tell, have a lifespan 
> measured in years even if they're being absolutely hammered by a stress 
> test. If you're really worried about wearing out an SSD, put the journal 
> on rotating rust, but I think those in the know are likely to tell you 
> that the rust will die before the SSD.

Today most storage technology is being replaced for larger capacity before it's old enough to fail. Some rusts survive many years.
We had some making it for almost 10 years "24x7". SAo SSD we have is old enough.

> 
> Cheers,
> Wol