From Fedora Project Wiki
No edit summary
(Add trackers)
 
(11 intermediate revisions by 2 users not shown)
Line 4: Line 4:
== Summary ==
== Summary ==


Autodetect optimal encryption sector size during Fedora installation with LUKS/dm-crypt encryption. On devices with 4K (physical) sector size this will make sure we use 4096 sector size which is optimal for these devices.
Autodetect optimal encryption sector size during Fedora installation with LUKS/dm-crypt encryption. On devices with 4k (physical) sector size, this will make sure we use 4096 sector size which is optimal for these devices.


== Owner ==
== Owner ==
Line 15: Line 15:


== Current status ==
== Current status ==
[[Category:ChangePageIncomplete]]
[[Category:ChangeAcceptedF35]]
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
Line 22: Line 22:


<!-- Select proper category, default is Self Contained Change -->
<!-- Select proper category, default is Self Contained Change -->
<!-- [[Category:SelfContainedChange]] -->
[[Category:SelfContainedChange]]


* Targeted release: [[Releases/35| Fedora Linux 35 ]]  
* Targeted release: [[Releases/35| Fedora Linux 35 ]]  
Line 32: Line 32:
ON_QA -> change is fully code complete
ON_QA -> change is fully code complete
-->
-->
* FESCo issue: <will be assigned by the Wrangler>
* FESCo issue: [https://pagure.io/fesco/issue/2638 #2638]
* Tracker bug: <will be assigned by the Wrangler>
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1982417 #1982417]
* Release notes tracker: <will be assigned by the Wrangler>
* Release notes tracker: [https://pagure.io/fedora-docs/release-notes/issue/716 #716]


== Detailed Description ==
== Detailed Description ==


Anaconda (libraries Anaconda uses for storage configuration) currently sets sector size for LUKS devices to 512 regardless of actual physical sector size of the underlying disk device. Latest cryptsetup release added an option to let cryptsetup automatically detect the optimal sector size based on the (physical) sector size of the backing device. By using this new option we can make sure that Anaconda uses the optimal sector size for newly created LUKS devices during installation. This means we will use sector size of 4096 for devices with 4k physical sector size increasing IO performance with these devices.
Anaconda installer (or to be more precise, the libraries Anaconda uses for storage configuration) currently sets sector size for LUKS devices to 512 regardless the of actual physical sector size of the underlying disk device. The latest cryptsetup release added an option to let cryptsetup automatically detect the optimal sector size based on the (physical) sector size of the backing device. By using this new option we can make sure that Anaconda uses the optimal sector size for newly created LUKS devices during installation. This means we will use sector size of 4096 for devices with 4k physical sector size increasing IO performance with these devices.


== Feedback ==
== Feedback ==
Line 72: Line 72:
-->
-->


With this change we will make sure to use the right encryption sector size for the disk Fedora is installed on. For disks with 4k physical sector size this could mean a small performance gain when using 4096 encryption size instead of (currently default) 512.
With this change we will make sure to use the right encryption sector size for the disk Fedora is installed on. For disks with 4k physical sector size, this could mean a small performance gain when using 4096 encryption size instead of (currently default) 512.


== Scope ==
== Scope ==
* Proposal owners: Changes for both cryptsetup and libblockdev (low level storage library used by Anaconda) are already merged ([https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/135 cryptsetup]) or submitted ([https://github.com/storaged-project/libblockdev/pull/638 libblockdev]) upstream. We only need to package new versions of these two projects for Fedora 35.
* Proposal owners: Changes for both cryptsetup and libblockdev (low-level storage library used by Anaconda) are already merged ([https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/135 cryptsetup]) or submitted ([https://github.com/storaged-project/libblockdev/pull/638 libblockdev]) upstream. We only need to package new versions of these two projects for Fedora 35. No changes will be needed in Anaconda.


* Other developers: No work from other developers is needed.
* Other developers: No work from other developers is needed.
Line 97: Line 97:
Upgraded systems will not be affected by this change, this affects only new LUKS containers created during Fedora installation.
Upgraded systems will not be affected by this change, this affects only new LUKS containers created during Fedora installation.


Support for specifying custom sector size is one of the features available in LUKS2 ([[Changes/SwitchCryptsetupDefaultToLUKS2|default since Fedora 30]]), no additional changes or special support is needed when working with LUKS2 devices with sector sizes different than 512.


== How To Test ==
== How To Test ==
Line 118: Line 119:
   4096
   4096


This can be also tested in a virtual machine. You can configure any disk to appear as a 4k block size disk in libvirt by adding following option to the disk XML specification:
This can be also tested in a virtual machine. You can configure any disk to appear as 4k block size disk in libvirt by adding the following option to the disk XML specification:


   <blockio logical_block_size="4096" physical_block_size="4096"/>
   <blockio logical_block_size="4096" physical_block_size="4096"/>
Line 148: Line 149:
  - Green has been scientifically proven to be the most relaxing color. The move to a default background color of green with green text will result in Fedora users being the most relaxed users of any operating system.
  - Green has been scientifically proven to be the most relaxing color. The move to a default background color of green with green text will result in Fedora users being the most relaxed users of any operating system.
-->
-->
Fedora users shouldn't notice the change, other than a small IO performance boost (IO testing on a 4k sectors NVMe shows around 2-3 % gain when using 4k sectors instead of 512 sectors).


== Dependencies ==
== Dependencies ==
Line 163: Line 166:
<!-- Does finishing this feature block the release, or can we ship with the feature in incomplete state? -->
<!-- Does finishing this feature block the release, or can we ship with the feature in incomplete state? -->
* Blocks release? No <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Blocks release? No <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->


== Documentation ==
== Documentation ==

Latest revision as of 19:20, 14 July 2021

Optimal LUKS Encryption Sector Size

Summary

Autodetect optimal encryption sector size during Fedora installation with LUKS/dm-crypt encryption. On devices with 4k (physical) sector size, this will make sure we use 4096 sector size which is optimal for these devices.

Owner

Current status

Detailed Description

Anaconda installer (or to be more precise, the libraries Anaconda uses for storage configuration) currently sets sector size for LUKS devices to 512 regardless the of actual physical sector size of the underlying disk device. The latest cryptsetup release added an option to let cryptsetup automatically detect the optimal sector size based on the (physical) sector size of the backing device. By using this new option we can make sure that Anaconda uses the optimal sector size for newly created LUKS devices during installation. This means we will use sector size of 4096 for devices with 4k physical sector size increasing IO performance with these devices.

Feedback

Benefit to Fedora

With this change we will make sure to use the right encryption sector size for the disk Fedora is installed on. For disks with 4k physical sector size, this could mean a small performance gain when using 4096 encryption size instead of (currently default) 512.

Scope

  • Proposal owners: Changes for both cryptsetup and libblockdev (low-level storage library used by Anaconda) are already merged (cryptsetup) or submitted (libblockdev) upstream. We only need to package new versions of these two projects for Fedora 35. No changes will be needed in Anaconda.
  • Other developers: No work from other developers is needed.
  • Policies and guidelines: N/A (not needed for this Change)
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Objectives:

Upgrade/compatibility impact

Upgraded systems will not be affected by this change, this affects only new LUKS containers created during Fedora installation.

Support for specifying custom sector size is one of the features available in LUKS2 (default since Fedora 30), no additional changes or special support is needed when working with LUKS2 devices with sector sizes different than 512.

How To Test

Disk with 4k physical sectors is required for testing this change. You can check block size of your drive using blockdev from util-linux package:

  # blockdev --getpbsz /dev/nvme0n1 
  4096

This can be also tested in a virtual machine. You can configure any disk to appear as 4k block size disk in libvirt by adding the following option to the disk XML specification:

  <blockio logical_block_size="4096" physical_block_size="4096"/>

Install Fedora with disk encryption enabled. Using automatic partition with Encrypt my data enabled is enough for testing.

In the installed system use cryptsetup luksDump /dev/<device> to check that correct sector size was selected for your device (4096 for disks with 4096 physical sector size):

  # cryptsetup luksDump /dev/nvme0n1p1 
  LUKS header information
  Version:        2
  ...
  Data segments:
    0: crypt
          offset: 16777216 [bytes]
          length: (whole device)
          cipher: aes-xts-plain64
          sector: 4096 [bytes]

User Experience

Fedora users shouldn't notice the change, other than a small IO performance boost (IO testing on a 4k sectors NVMe shows around 2-3 % gain when using 4k sectors instead of 512 sectors).

Dependencies

None.

Contingency Plan

  • Contingency mechanism: Keep existing behaviour (512 sector size for all devices)
  • Contingency deadline: Beta Freeze
  • Blocks release? No

Documentation

Release Notes