[dm-crypt] The future of disk encryption with LUKS2

Sven Eschenberg sven at whgl.uni-frankfurt.de
Wed Feb 10 01:20:17 CET 2016

Am 10.02.2016 um 00:35 schrieb Arno Wagner:
> On Tue, Feb 09, 2016 at 23:08:19 CET, Lars Winterfeld wrote:
>> On 08.02.2016 22:51, Milan Broz wrote:
>>> [Just note to already crazy discussion here - there will be NO LUKS header
>>> at the end of device. Been there with another storage project and
>>> just no - it is not worth problems it causes.]
>> Out of curiosity: what were those problems?
> Same here. Not asking for a justification (if you feel
> it is a mess or other problem, that is quite enough for
> me), just want to understand the issue.
> For proper layering, it should of course allways be
>     [header, payload]
> with the payload having potentially the same format
> if there are more layers below. That is the tradidional
> way to do it. This even has a name, but I do not remember
> it at the moment.

Question is, who defines 'proper' I wonder, what the traditional way of 
doing this would be, if you'ask right-to-left readers ;-).

BTW: RAID signatures have mostly been at the end for ages (not just for 
mdadm), I guess because for mirroring you can use each disk easily 
outside of the mirror and calculation of the layout is simplified for 
RAID 5/6 with a zero offset.

Another possible reason why disklabels always resided at the beginning 
of the disk is: It's easier to access the first sectors of a disk in 
16-Bit asm.

> Was the problem confusion/complexity because this
> layering-sheme was violated?
> Regards,
> Arno

Unfortunately I have no idea what name you are looking for.



More information about the dm-crypt mailing list