[systemd-devel] systemd-repart very slow creation of partitions with Encrypt=

[Valentin David]

On Mon, Jun 5, 2023 at 11:09 AM Lennart Poettering <lennart at poettering.net>
wrote:

> On Mo, 05.06.23 10:41, Valentin David (valentin.david at canonical.com)
> wrote:
>
> > On Mon, Jun 5, 2023 at 9:56 AM Lennart Poettering <
> lennart at poettering.net>
> > wrote:
> >
> > > On So, 04.06.23 14:25, Valentin David (valentin.david at canonical.com)
> > > wrote:
> > >
> > > > I have been trying to create a root partition from initrd with
> > > > systemd-repart. The repart.d file for this partition is as follow:
> > > >
> > > > [Partition]
> > > > Type=root
> > > > Label=root
> > > > Encrypt=tpm2
> > > > Format=ext4
> > > > FactoryReset=yes
> > > >
> > > > I am just using systemd-repart.service in initrd, without
> modification
> > > > (that is, it finds the disk from /sysusr/usr). Even though this is
> > > working,
> > > > the problem I have is that it takes a very long time for the
> partition to
> > > > be created. Looking at the logs, it spends most of time in the
> > > > reencryption.
> > >
> > > reencryption? We don't do any reencrytion really. i.e. we do not
> > > actually support anything like "cryptsetup reencrypt" at all. All we
> > > do is the equivalent of "cryptsetup luksFormat". Are you suggesting
> > > that repart is slower at formatting a block device via LUKS than
> > > invoking cryptsetup directly would be? I'd find that very surprising...
> > >
> >
> > This is what it looks like in src/partition/repart.c. Function
> > partition_encrypt calls sym_crypt_reencrypt_init_by_passphrase and
> > then sym_crypt_reencrypt.
> > And make_filesystem is called before partition_encrypt. So it must
> > reencrypt since mkfs was called before.
>
> Oh, fuck, yeah, Daan added that.
>
> This is a bug really.
>

I will open an issue on github then.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20230605/4d073bec/attachment.htm>