I have been trying to create a root partition from initrd with systemd-repart. The repart.d file for this partition is as follow:
[Partition]
Type=root
Label=root
Encrypt=tpm2
Format=ext4
FactoryReset=yes
Type=root
Label=root
Encrypt=tpm2
Format=ext4
FactoryReset=yes
I am just using systemd-repart.service in initrd, without modification (that is, it finds the disk from /sysusr/usr). Even though this is working, the problem I have is that it takes a very long time for the partition to be created. Looking at the logs, it spends most of time in the reencryption.
For 11GB partition on a VM, it takes more than 2 minutes. On the bare metal with a 512 GB nvme disk, it has been running for 3 hours. And it is still not finished.
I do not think cryptsetup reencryption supports holes. Is it normal to have a full reencryption of a disk that was just initialized with mkfs.ext4? If so, could we at least move the effective reencryption after systemd-repart.service, so that the rest of the system can continue to boot?
I am running:
systemd 253.4 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMM
ON +UTMP +SYSVINIT default-hierarchy=unified)
ON +UTMP +SYSVINIT default-hierarchy=unified)
Cryptsetup: v2.6.1
