[dm-crypt] The future of disk encryption with LUKS2
sven at whgl.uni-frankfurt.de
Wed Feb 10 16:09:08 CET 2016
Actually PARTUUID should have read PARTTYPE-GUID - So there's no reason
why moving it to a different partition should not work, updating the
PARTTYPE is a trivial step and part of a proper moving operation anyway.
Just imagine the network's linklayer had no idea which upper layer to
call, because there's no information on that. TCP/IP again does not have
that type of information.
So either the layering order is fixed and determined, or you actually
will need intra-layer relationships for proper operation. As an
alternative, leave it to the user's knowledge and handling. But then we
don't need partition tables, LUKS-headers or anything else either,
afterall you can tell each layer the geometry and parameters manually
and use dmsetup for all your tasks.
Am 10.02.2016 um 15:35 schrieb Robert Nichols:
> On 02/10/2016 07:48 AM, Sven Eschenberg wrote:
>> BTW: Personally I think that one thing in the blockdevice stack was
>> screwed up severely: Always have information on the upper layer in the
>> lower layer - That would eliminate most issues. On the lowest layer we
>> do have that information (PARTUUID/PARTTYPE), it is just mostly ignored.
> It's good that it's ignored. If anything stopped working just because
> I moved a LUKS container to a different partition or device, I would
> get rid of LUKS immediately and just use plain dm-crypt. Adding
> unnecessary inter-relationships is a _bad_ thing.
More information about the dm-crypt