installimage icon indicating copy to clipboard operation
installimage copied to clipboard
verified publisher icon hetzneronline

Configurable sector size for crypt device?

Open saz opened this issue 1 year ago • 1 comments

I'm running into an issue with some NVMe devices with a logical block size of 512 bytes and a physical block size of 4096 bytes.

Since cryptsetup 2.4.0 luksFormat will automatically detect the optimal encryption sector size. For me, this will result in a 4096 bytes sector size, which would be fine, but I'm trying to use the server as a host for virtual machines, which must use 512 bytes (see https://github.com/ganeti/instance-debootstrap/pull/2 for some more details).

root@gnt16 ~ # fdisk -l /dev/mapper/luks-9ea56481-0008-45bf-bc2d-10db97a768b9
Disk /dev/mapper/luks-9ea56481-0008-45bf-bc2d-10db97a768b9: 3.49 TiB, 3839528075264 bytes, 937384784 sectors
Units: sectors of 1 * 4096 = 4096 bytes
Sector size (logical/physical): 4096 bytes / 4096 bytes
I/O size (minimum/optimal): 131072 bytes / 131072 bytes
root@gnt16 ~ #

root@gnt16 ~ # nvme id-ns -H /dev/nvme0n1 | grep "Relative Performance"
LBA Format  0 : Metadata Size: 0   bytes - Data Size: 512 bytes - Relative Performance: 0 Best (in use)
LBA Format  1 : Metadata Size: 0   bytes - Data Size: 4096 bytes - Relative Performance: 0 Best
root@gnt16 ~ #

Setting the encryption sector size with --sector-size=512 passed to cryptsetup, will set the logical block size to 512 bytes

root@gnt14 ~ # fdisk -l /dev/mapper/luks-9ea56481-0008-45bf-bc2d-10db97a768b9
Disk /dev/mapper/luks-9ea56481-0008-45bf-bc2d-10db97a768b9: 3.49 TiB, 3839528075264 bytes, 7499078272 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
root@gnt14 ~ #

It's also possible to change the sector size by running cryptsetup reencrypt --sector-size=512 /dev/md1 without data being lost. After a reboot, such a device looks like this

root@gnt14 ~ # fdisk -l /dev/mapper/luks-a1e27b11-c9ec-4b37-85ef-f332c31d191f
Disk /dev/mapper/luks-a1e27b11-c9ec-4b37-85ef-f332c31d191f: 3.49 TiB, 3839528075264 bytes, 7499078272 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
root@gnt14 ~ #

I'm happy to send in a PR, which adds a new config option to make this configurable, to avoid running cryptsetup reencrypt as this might take a lot of time.

saz avatar Jul 26 '24 21:07 saz

@saz hi! I'm afraid I cannot help you here anymore, but glad to see you here as well!

bastelfreak avatar Jul 26 '24 21:07 bastelfreak

As usual, installimage is geared toward standardized OS installations as part of the dedicated server delivery. The correct way to work around or fix this problem is to align partitions at MiB boundaries like installimage does and which is also mentioned in the linked issue.

asciiprod avatar Dec 01 '25 19:12 asciiprod