[dm-crypt] The future of disk encryption with LUKS2

f-dm-c at media.mit.edu f-dm-c at media.mit.edu
Mon Feb 8 22:43:54 CET 2016


    > Date: Mon, 8 Feb 2016 21:51:34 +0100
    > From: Sven Eschenberg <sven at whgl.uni-frankfurt.de>

    > If the data hasn't made it to the drive (or rather is not in transit) 
    > then the change is just discarded leaving us in a stable state.

Please read the first part of the discussion below---in particular, Ted's
description of the difference between SGI hardware of the day and
typical PC-class hardware of the day.  If we're analyzing the
consistency of the various headers in the event that power is failing
as we write them, it's not just about whether the write happened or
not or whether the hardware sector is corrupted from the drive's
perspective---it's also whether we can trust a sector the drive
thinks is okay but turns out not to be from our standpoint.

    > > http://zork.net/~nick/mail/why-reiserfs-is-teh-sukc

It is entirely possible that you could ask the drive to write garbage
and it would succeed.  It really isn't safe to make any assumptions
about how an entire machine -might- work as power is failing; in
general, the manufacturer (of any piece, much less the whole) has
not guaranteed you anything about its behavior, and it could do
anything.  Just because -your- machine does something doesn't mean
all users' machines out there will do the same thing.

