[dm-crypt] The future of disk encryption with LUKS2

Sven Eschenberg sven at whgl.uni-frankfurt.de
Wed Feb 10 16:09:08 CET 2016

Actually PARTUUID should have read PARTTYPE-GUID - So there's no reason 
why moving it to a different partition should not work, updating the 
PARTTYPE is a trivial step and part of a proper moving operation anyway.

Just imagine the network's linklayer had no idea which upper layer to 
call, because there's no information on that. TCP/IP again does not have 
that type of information.

So either the layering order is fixed and determined, or you actually 
will need intra-layer relationships for proper operation. As an 
alternative, leave it to the user's knowledge and handling. But then we 
don't need partition tables, LUKS-headers or anything else either, 
afterall you can tell each layer the geometry and parameters manually 
and use dmsetup for all your tasks.



Am 10.02.2016 um 15:35 schrieb Robert Nichols:
> On 02/10/2016 07:48 AM, Sven Eschenberg wrote:
>> BTW: Personally I think that one thing in the blockdevice stack was
>> screwed up severely: Always have information on the upper layer in the
>> lower layer - That would eliminate most issues. On the lowest layer we
>> do have that information (PARTUUID/PARTTYPE), it is just mostly ignored.
> It's good that it's ignored.  If anything stopped working just because
> I moved a LUKS container to a different partition or device, I would
> get rid of LUKS immediately and just use plain dm-crypt.  Adding
> unnecessary inter-relationships is a _bad_ thing.

More information about the dm-crypt mailing list