Whoops, forgot to reply-all and replied directly to Lennart. Forwarding to the ML
---------- Forwarded message ---------
From: Adrian Vovk <adrianvovk@xxxxxxxxx>
Date: Thu, Mar 2, 2023 at 16:59
Subject: Re: [systemd-devel] Immutable Images: Single Data Patition
To: Lennart Poettering <lennart@xxxxxxxxxxxxxx>
From: Adrian Vovk <adrianvovk@xxxxxxxxx>
Date: Thu, Mar 2, 2023 at 16:59
Subject: Re: [systemd-devel] Immutable Images: Single Data Patition
To: Lennart Poettering <lennart@xxxxxxxxxxxxxx>
> /home/ with dm-integrity or OPAL for trust, TPM-bound, with homed managed homedirs inside that do encryption
How big is the dm-integrity write performance hit? My understanding is
that it is 2x slower, though I don't recall where I got this info.
Maybe it'd be more beneficial to push through authenticated BTRFS into
the kernel and only support BTRFS on the unencrypted home partition?
This replaces btrfs's hashes with crypto hashes keyed on whatever,
which allows us to do the equivalent of dm-integrity but w/o the
performance hit (in theory)
> With that you'd have to figure out three sizes, i.e. how to size 2/3, how to size 4 and how to size 5.
Yes we're on the same page here
> And suddenly we'd have a spec that would be particularly powerful and generic: you could use it for subvols, for dirs, or for loopback files, and mix and match freely, and it would always behave somewhat the same way
Makes sense. Is there someone I can collaborate with and/or somewhere
to go to talk about this and maybe get that TODO resolved &
implemented?
> dm-linear
Would we be able to reclaim the data if the partition shrinks? For
instance, if the user changes jobs and no longer needs containers, so
they delete many gb of containers out of /var. Will we be able to
shrink the rootfs partition and then merge chunks back into the
extension partition (or make a separate extension partition if the
disk is already fragmented?)
How would we manage the size of the filesystem? Overcommit it to the
size of the extension partition, but keep it minimal on disk? Have
adjustable headroom? Will we expect the user to adjust the headroom?
> Interesting that ChromeOS and Android came to different solutions there
Indeed
Best,
Adrian
Sent from Gmail Mobile
