|
|
ff33a1 |
From 2aba050e74dc5df483da022dcf436b101c7a4301 Mon Sep 17 00:00:00 2001
|
|
|
ff33a1 |
From: Vojtech Trefny <vtrefny@redhat.com>
|
|
|
ff33a1 |
Date: Wed, 11 Jan 2023 14:59:24 +0100
|
|
|
ff33a1 |
Subject: [PATCH] Default to encryption sector size 512 for LUKS devices
|
|
|
ff33a1 |
|
|
|
ff33a1 |
We are currently letting cryptsetup decide the optimal encryption
|
|
|
ff33a1 |
sector size for LUKS. The problem is that for disks with physical
|
|
|
ff33a1 |
sector size 4096 cryptsetup will default to 4096 encryption sector
|
|
|
ff33a1 |
size even if the drive logical sector size is 512 which means
|
|
|
ff33a1 |
these disks cannot be combined with other 512 logical sector size
|
|
|
ff33a1 |
disks in LVM. This requires a more sophisticated solution in the
|
|
|
ff33a1 |
future, but for now just default to 512 if not specified by the
|
|
|
ff33a1 |
user otherwise.
|
|
|
ff33a1 |
|
|
|
ff33a1 |
Resolves: rhbz#2103800
|
|
|
ff33a1 |
---
|
|
|
ff33a1 |
blivet/formats/luks.py | 10 +++++++---
|
|
|
ff33a1 |
tests/unit_tests/formats_tests/luks_test.py | 2 +-
|
|
|
ff33a1 |
2 files changed, 8 insertions(+), 4 deletions(-)
|
|
|
ff33a1 |
|
|
|
ff33a1 |
diff --git a/blivet/formats/luks.py b/blivet/formats/luks.py
|
|
|
ff33a1 |
index 8de4911f..2637e0c5 100644
|
|
|
ff33a1 |
--- a/blivet/formats/luks.py
|
|
|
ff33a1 |
+++ b/blivet/formats/luks.py
|
|
|
ff33a1 |
@@ -166,9 +166,13 @@ class LUKS(DeviceFormat):
|
|
|
ff33a1 |
if self.pbkdf_args.type == "pbkdf2" and self.pbkdf_args.max_memory_kb:
|
|
|
ff33a1 |
log.warning("Memory limit is not used for pbkdf2 and it will be ignored.")
|
|
|
ff33a1 |
|
|
|
ff33a1 |
- self.luks_sector_size = kwargs.get("luks_sector_size") or 0
|
|
|
ff33a1 |
- if self.luks_sector_size and self.luks_version != "luks2":
|
|
|
ff33a1 |
- raise ValueError("Sector size argument is valid only for LUKS version 2.")
|
|
|
ff33a1 |
+ self.luks_sector_size = kwargs.get("luks_sector_size")
|
|
|
ff33a1 |
+ if self.luks_version == "luks2":
|
|
|
ff33a1 |
+ if self.luks_sector_size is None:
|
|
|
ff33a1 |
+ self.luks_sector_size = 512 # XXX we don't want cryptsetup choose automatically here so fallback to 512
|
|
|
ff33a1 |
+ else:
|
|
|
ff33a1 |
+ if self.luks_sector_size:
|
|
|
ff33a1 |
+ raise ValueError("Sector size argument is valid only for LUKS version 2.")
|
|
|
ff33a1 |
|
|
|
ff33a1 |
def __repr__(self):
|
|
|
ff33a1 |
s = DeviceFormat.__repr__(self)
|
|
|
ff33a1 |
diff --git a/tests/unit_tests/formats_tests/luks_test.py b/tests/unit_tests/formats_tests/luks_test.py
|
|
|
ff33a1 |
index 5ae6acfe..ec7b7592 100644
|
|
|
ff33a1 |
--- a/tests/unit_tests/formats_tests/luks_test.py
|
|
|
ff33a1 |
+++ b/tests/unit_tests/formats_tests/luks_test.py
|
|
|
ff33a1 |
@@ -53,7 +53,7 @@ class LUKSNodevTestCase(unittest.TestCase):
|
|
|
ff33a1 |
|
|
|
ff33a1 |
def test_sector_size(self):
|
|
|
ff33a1 |
fmt = LUKS()
|
|
|
ff33a1 |
- self.assertEqual(fmt.luks_sector_size, 0)
|
|
|
ff33a1 |
+ self.assertEqual(fmt.luks_sector_size, 512)
|
|
|
ff33a1 |
|
|
|
ff33a1 |
with self.assertRaises(ValueError):
|
|
|
ff33a1 |
fmt = LUKS(luks_version="luks1", luks_sector_size=4096)
|
|
|
ff33a1 |
--
|
|
|
ff33a1 |
2.39.0
|
|
|
ff33a1 |
|