Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow additional options to the cryptsetup #427

Closed
jsirex opened this issue Mar 29, 2022 · 1 comment · Fixed by #434
Closed

Allow additional options to the cryptsetup #427

jsirex opened this issue Mar 29, 2022 · 1 comment · Fixed by #434
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@jsirex
Copy link
Contributor

jsirex commented Mar 29, 2022
edited
Loading

Looks like it is NOT possible to provide additional options to the cryptsetup.

For example:

      --allow-discards
              Allow the use of discard (TRIM) requests for the device.  This option is only relevant for open action.  This is also not supported for LUKS2 devices with data integrity protection.

              WARNING: This command can have a negative security impact because it can make filesystem-level operations visible on the physical device. For example, information leaking filesystem type, used
              space, etc. may be extractable from the physical device if the discarded blocks can be located later. If in doubt, do not use it.

              A kernel version of 3.1 or later is needed. For earlier kernels, this option is ignored.

       --perf-same_cpu_crypt
              Perform  encryption using the same cpu that IO was submitted on.  The default is to use an unbound workqueue so that encryption work is automatically balanced between available CPUs.  This op‐
              tion is only relevant for open action.

              NOTE: This option is available only for low-level dm-crypt performance tuning, use only if you need a change to default dm-crypt behaviour. Needs kernel 4.0 or later.

       --perf-submit_from_crypt_cpus
              Disable offloading writes to a separate thread after encryption.  There are some situations where offloading write bios from the encryption threads to a single thread degrades performance sig‐
              nificantly.  The default is to offload write bios to the same thread.  This option is only relevant for open action.

              NOTE: This option is available only for low-level dm-crypt performance tuning, use only if you need a change to default dm-crypt behaviour. Needs kernel 4.0 or later.

       --perf-no_read_workqueue, --perf-no_write_workqueue
              Bypass dm-crypt internal workqueue and process read or write requests synchronously.  This option is only relevant for open action.

              NOTE: These options are available only for low-level dm-crypt performance tuning, use only if you need a change to default dm-crypt behaviour. Needs kernel 5.9 or later.

At least I unable to find the way to provide --perf-no_read_workqueue, --perf-no_write_workqueue

More about performance tuning: https://blog.cloudflare.com/speeding-up-linux-disk-encryption/
@felixfontein
Copy link
Contributor

New options for specific parameters can be added, PRs are welcome. What will not be accepted is a general "additional parameters" option.

@felixfontein felixfontein added enhancement New feature or request help wanted Extra attention is needed labels Mar 29, 2022
@jsirex jsirex mentioned this issue Mar 31, 2022
Merged
This was referenced May 9, 2022
Merged
Merged
@renovate renovate bot mentioned this issue Sep 29, 2022
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add persistent and perf options to the luks_device jsirex/community.crypto
2 participants
@jsirex @felixfontein