Configurable sector size for crypt device? #101

Open
opened 2024-07-26 23:26:41 +02:00 by saz · 1 comment
saz commented 2024-07-26 23:26:41 +02:00 (Migrated from github.com)

I'm running into an issue with some NVMe devices with a logical block size of 512 bytes and a physical block size of 4096 bytes.

Since cryptsetup 2.4.0, `luksFormat` will automatically detect the optimal encryption sector size. For me, this will result in a 4096 bytes sector size, which would be fine, but I'm trying to use the server as a host for virtual machines, which must use 512 bytes (see https://github.com/ganeti/instance-debootstrap/pull/2 for some more details).

```
root@gnt16 ~ # fdisk -l /dev/mapper/luks-9ea56481-0008-45bf-bc2d-10db97a768b9
Disk /dev/mapper/luks-9ea56481-0008-45bf-bc2d-10db97a768b9: 3.49 TiB, 3839528075264 bytes, 937384784 sectors
Units: sectors of 1 * 4096 = 4096 bytes
Sector size (logical/physical): 4096 bytes / 4096 bytes
I/O size (minimum/optimal): 131072 bytes / 131072 bytes
root@gnt16 ~ #
```

```
root@gnt16 ~ # nvme id-ns -H /dev/nvme0n1 | grep "Relative Performance"
LBA Format  0 : Metadata Size: 0   bytes - Data Size: 512 bytes - Relative Performance: 0 Best (in use)
LBA Format  1 : Metadata Size: 0   bytes - Data Size: 4096 bytes - Relative Performance: 0 Best
root@gnt16 ~ #
```

Setting the encryption sector size with `--sector-size=512` passed to cryptsetup will set the logical block size to 512 bytes:

```
root@gnt14 ~ # fdisk -l /dev/mapper/luks-9ea56481-0008-45bf-bc2d-10db97a768b9
Disk /dev/mapper/luks-9ea56481-0008-45bf-bc2d-10db97a768b9: 3.49 TiB, 3839528075264 bytes, 7499078272 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
root@gnt14 ~ #
```

It's also possible to change the sector size by running `cryptsetup reencrypt --sector-size=512 /dev/md1` without data being lost. After a reboot, such a device looks like this:

```
root@gnt14 ~ # fdisk -l /dev/mapper/luks-a1e27b11-c9ec-4b37-85ef-f332c31d191f
Disk /dev/mapper/luks-a1e27b11-c9ec-4b37-85ef-f332c31d191f: 3.49 TiB, 3839528075264 bytes, 7499078272 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
root@gnt14 ~ #
```

I'm happy to send in a PR, which adds a new config option to make this configurable, to avoid running `cryptsetup reencrypt` as this might take a lot of time.

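A way to check a LUKS2 header for the sector-size mismatch described in the issue above, as an added example that is not part of the original post or of the installimage project. The function names, the `REQUIRED_SS` variable and the sample `luksDump` excerpt are constructed for illustration; the two remediation commands are the ones named in the post.

```shell
#!/bin/sh
# Added example: audit the encryption sector size of a LUKS2 device.
# REQUIRED_SS is an assumed name; 512 is the size the VM host in the issue needs.
REQUIRED_SS=512

# Constructed excerpt of `cryptsetup luksDump` output for a LUKS2 device
# that was formatted with the auto-detected 4096-byte sector size.
sample_dump() {
cat <<'EOF'
Data segments:
  0: crypt
        offset: 16777216 [bytes]
        length: (whole device)
        cipher: aes-xts-plain64
        sector: 4096 [bytes]
EOF
}

# Read luksDump text on stdin and print the encryption sector size of the
# first data segment. Prints nothing if no "sector:" line is present.
luks_sector_size() {
    awk '$1 == "sector:" { print $2; exit }'
}

# Compare a detected size with REQUIRED_SS.
# Returns 0 on match, 1 on mismatch, 2 if the size could not be read.
check_sector_size() {
    actual=$1
    dev=$2
    if [ -z "$actual" ]; then
        echo "unknown: no sector size found in header of $dev"
        return 2
    fi
    if [ "$actual" = "$REQUIRED_SS" ]; then
        echo "ok: $dev uses $actual-byte encryption sectors"
        return 0
    fi
    echo "mismatch: $dev uses $actual-byte encryption sectors, need $REQUIRED_SS"
    echo "  new device:      cryptsetup luksFormat --sector-size=$REQUIRED_SS $dev"
    echo "  existing device: cryptsetup reencrypt --sector-size=$REQUIRED_SS $dev"
    return 1
}

# On a real host (needs root): audit_luks /dev/md1
audit_luks() {
    check_sector_size "$(cryptsetup luksDump "$1" | luks_sector_size)" "$1"
}
```
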
bastelfreak commented 2024-07-26 23:37:51 +02:00 (Migrated from github.com)

@saz hi!
I'm afraid I cannot help you here anymore, but glad to see you here as well!


Reference
DiamantTh/installimage#101