[dm-crypt] The future of disk encryption with LUKS2

Michael Kjörling michael at kjorling.se
Sat Feb 6 11:01:40 CET 2016


On 6 Feb 2016 04:18 +0100, from sven at whgl.uni-frankfurt.de (Sven Eschenberg):
> (A secondary header implies that
> all changes on both headers need to be atomic and in sync. While
> this is doable, LVM clearly shows, that it is not trivial, otherwise
> it would certainly be available as feature by now).

I'm not so sure it does imply that. It does certainly imply the need
to know that a, and which one out of the lot, header is most up to
date, but that does not necessarily require writes to both to be done
atomically and in sync. (In fact, truly atomic, in-sync writes to
multiple distinct locations seems a physical impossibility at least in
the case of a single spinning disk, since the write head can only be
in one location at any one time.)

This is where the "update counter" and a checksum that I mentioned
earlier comes in. An example of how to actually do this might be to
first discard (or perhaps rather, remove from consideration) any
header which doesn't match its checksum (for integrity purposes), then
use the one with the highest update counter value (taking care to
allow for wraparound) as a starting point for the operation at hand,
then rewrite any previously discarded headers (ideally writing the
checksum last, such that the header remains considered invalid until
it has been fully rewritten).

Or maybe even better, rewrite a previously considered invalid header
(if any) first; that should ensure that as long as the storage itself
works properly, if any header is ever valid at the beginning of an
operation, there exists at all times at least one header which is
valid.

By placing the headers far apart from each other, this forces at least
spinning disks to seek, which naturally introduces a sequence point
into the write process; even if the two write requests were to be put
onto the I/O bus at the same instant, one write must complete before
the other can physically begin. (Finally, a good use for the seek
delay in rotational storage!)

This should work equally well for any number of header copies.

-- 
Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)


More information about the dm-crypt mailing list