|
Vojtech Trefny |
f7c69b |
From 2aba050e74dc5df483da022dcf436b101c7a4301 Mon Sep 17 00:00:00 2001
|
|
Vojtech Trefny |
f7c69b |
From: Vojtech Trefny <vtrefny@redhat.com>
|
|
Vojtech Trefny |
f7c69b |
Date: Wed, 11 Jan 2023 14:59:24 +0100
|
|
Vojtech Trefny |
f7c69b |
Subject: [PATCH] Default to encryption sector size 512 for LUKS devices
|
|
Vojtech Trefny |
f7c69b |
|
|
Vojtech Trefny |
f7c69b |
We are currently letting cryptsetup decide the optimal encryption
|
|
Vojtech Trefny |
f7c69b |
sector size for LUKS. The problem is that for disks with physical
|
|
Vojtech Trefny |
f7c69b |
sector size 4096 cryptsetup will default to 4096 encryption sector
|
|
Vojtech Trefny |
f7c69b |
size even if the drive logical sector size is 512 which means
|
|
Vojtech Trefny |
f7c69b |
these disks cannot be combined with other 512 logical sector size
|
|
Vojtech Trefny |
f7c69b |
disks in LVM. This requires a more sophisticated solution in the
|
|
Vojtech Trefny |
f7c69b |
future, but for now just default to 512 if not specified by the
|
|
Vojtech Trefny |
f7c69b |
user otherwise.
|
|
Vojtech Trefny |
f7c69b |
|
|
Vojtech Trefny |
f7c69b |
Resolves: rhbz#2103800
|
|
Vojtech Trefny |
f7c69b |
---
|
|
Vojtech Trefny |
f7c69b |
blivet/formats/luks.py | 10 +++++++---
|
|
Vojtech Trefny |
f7c69b |
tests/unit_tests/formats_tests/luks_test.py | 2 +-
|
|
Vojtech Trefny |
f7c69b |
2 files changed, 8 insertions(+), 4 deletions(-)
|
|
Vojtech Trefny |
f7c69b |
|
|
Vojtech Trefny |
f7c69b |
diff --git a/blivet/formats/luks.py b/blivet/formats/luks.py
|
|
Vojtech Trefny |
f7c69b |
index 8de4911f..2637e0c5 100644
|
|
Vojtech Trefny |
f7c69b |
--- a/blivet/formats/luks.py
|
|
Vojtech Trefny |
f7c69b |
+++ b/blivet/formats/luks.py
|
|
Vojtech Trefny |
f7c69b |
@@ -166,9 +166,13 @@ class LUKS(DeviceFormat):
|
|
Vojtech Trefny |
f7c69b |
if self.pbkdf_args.type == "pbkdf2" and self.pbkdf_args.max_memory_kb:
|
|
Vojtech Trefny |
f7c69b |
log.warning("Memory limit is not used for pbkdf2 and it will be ignored.")
|
|
Vojtech Trefny |
f7c69b |
|
|
Vojtech Trefny |
f7c69b |
- self.luks_sector_size = kwargs.get("luks_sector_size") or 0
|
|
Vojtech Trefny |
f7c69b |
- if self.luks_sector_size and self.luks_version != "luks2":
|
|
Vojtech Trefny |
f7c69b |
- raise ValueError("Sector size argument is valid only for LUKS version 2.")
|
|
Vojtech Trefny |
f7c69b |
+ self.luks_sector_size = kwargs.get("luks_sector_size")
|
|
Vojtech Trefny |
f7c69b |
+ if self.luks_version == "luks2":
|
|
Vojtech Trefny |
f7c69b |
+ if self.luks_sector_size is None:
|
|
Vojtech Trefny |
f7c69b |
+ self.luks_sector_size = 512 # XXX we don't want cryptsetup choose automatically here so fallback to 512
|
|
Vojtech Trefny |
f7c69b |
+ else:
|
|
Vojtech Trefny |
f7c69b |
+ if self.luks_sector_size:
|
|
Vojtech Trefny |
f7c69b |
+ raise ValueError("Sector size argument is valid only for LUKS version 2.")
|
|
Vojtech Trefny |
f7c69b |
|
|
Vojtech Trefny |
f7c69b |
def __repr__(self):
|
|
Vojtech Trefny |
f7c69b |
s = DeviceFormat.__repr__(self)
|
|
Vojtech Trefny |
f7c69b |
diff --git a/tests/unit_tests/formats_tests/luks_test.py b/tests/unit_tests/formats_tests/luks_test.py
|
|
Vojtech Trefny |
f7c69b |
index 5ae6acfe..ec7b7592 100644
|
|
Vojtech Trefny |
f7c69b |
--- a/tests/unit_tests/formats_tests/luks_test.py
|
|
Vojtech Trefny |
f7c69b |
+++ b/tests/unit_tests/formats_tests/luks_test.py
|
|
Vojtech Trefny |
f7c69b |
@@ -53,7 +53,7 @@ class LUKSNodevTestCase(unittest.TestCase):
|
|
Vojtech Trefny |
f7c69b |
|
|
Vojtech Trefny |
f7c69b |
def test_sector_size(self):
|
|
Vojtech Trefny |
f7c69b |
fmt = LUKS()
|
|
Vojtech Trefny |
f7c69b |
- self.assertEqual(fmt.luks_sector_size, 0)
|
|
Vojtech Trefny |
f7c69b |
+ self.assertEqual(fmt.luks_sector_size, 512)
|
|
Vojtech Trefny |
f7c69b |
|
|
Vojtech Trefny |
f7c69b |
with self.assertRaises(ValueError):
|
|
Vojtech Trefny |
f7c69b |
fmt = LUKS(luks_version="luks1", luks_sector_size=4096)
|
|
Vojtech Trefny |
f7c69b |
--
|
|
Vojtech Trefny |
f7c69b |
2.39.0
|
|
Vojtech Trefny |
f7c69b |
|