[dm-crypt] Re: misaligned ending sector, 4096-byte luks sector size can't be used

DM-Crypt Archive mirror
 help / color / mirror / Atom feed

From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: [dm-crypt] Re: misaligned ending sector, 4096-byte luks sector size can't be used
Date: Tue, 25 Jan 2022 13:20:56 +0100	[thread overview]
Message-ID: <20220125122055.GA29580@tansi.org> (raw)

On Mon, Jan 24, 2022 at 23:10:34 CET, Milan Broz wrote:
> On 24/01/2022 18:07, Chris Murphy wrote:
[...]
> The whole idea of misaligned backup GPT at the end of device is broken.
> We should not follow that with adding hacks when the easy solution
> is just to align a partition properly.

I fully agree to that. It is like having a virtual sector size and 
then selectively in some places only not sticking to it. Not smart 
and a gross KISS violation. And, of course, fundamental problems
like this one should always be fixed were they are caused. Heaping 
hacks and special treatment on top of it just makes the situation a 
lot worse. Better to live with the problem that making it worse.

> Years ago there was a general agreement to align partition start 
> to 1 MiB offset, I think we should do the same for the partition 
> length.

I fully agree to that. The only downside I see to that is that 
you create some spaces that some malware could store information in.
But you have that anyways in lots of places, so it is not really 
a downside. For the case of wiping a disk you should wipe the raw
device anyways, not just partitions.

> > Therefore it seems suboptimal to fall back to 512-byte LUKS
> > sector size, or for luksFormat --sector-size 4096 to fail. Is there a
> > way for cryptsetup to just map out the dangling 1-7 512-byte sectors
> > at the end? They are useless anyway in this case, but the partitioning
> > tools aren't in a position to know the use case. The last 1-7 sectors
> > are legitimately individually addressable so it's not incorrect for
> > the partitioning tool to include them in the last partition on the
> > device.
> 
> The default is to not store device length in LUKS header - so it follows
> underlying device resize.

And that is a really good design. Single source of truth and all that.

> If you set sector size to 4k, then the unaligned sectors are no longer
> "legitimately" addressable (dm-crypt will set 4k as "physical" sector,
> IOW as atomic unit of the device). I understand that some filesystems use
> hacks to ignore this, but it is really not a system solution.

And it is a solution that likely will create hard to understand and 
hard to debug problems at some point in the future. Not good.

Unfortunately, even the Linux OS community has its share of people 
that do not really understand why KISS is so fundamental for all 
good engineering and that do not really consider what happens if 
some things change in the future and hence write non-resilient
stuff or stuff with surprising properties without any real need. 
In established engineering disciplines, this is called "an accident
waiting to happen" and a lot of the engineering education focuses
on avoiding those. In CS/IT/SW-Eng almost all teaching is still 
just on how to make things, not on how to make them well. 

Regards,
Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de

next             reply	other threads:[~2022-01-25 12:31 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-25 12:20 Arno Wagner [this message]
2022-01-27 13:21 ` [dm-crypt] Re: misaligned ending sector, 4096-byte luks sector size can't be used Milan Broz
2022-01-27 18:18   ` Christoph Anton Mitterer
2022-01-27 22:32     ` Chris Murphy
2022-01-27 22:35       ` Chris Murphy
  -- strict thread matches above, loose matches on Subject: below --
2022-01-24 17:07 [dm-crypt] " Chris Murphy
2022-01-24 22:10 ` [dm-crypt] " Milan Broz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220125122055.GA29580@tansi.org \
    --to=arno@wagner.name \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).