[systemd-devel] Fwd: Immutable Images: Single Data Partition

Adrian Vovk adrianvovk at gmail.com
Thu Mar 2 22:15:31 UTC 2023


Whoops, forgot to reply-all and replied directly to Lennart. Forwarding to
the ML

---------- Forwarded message ---------
From: Adrian Vovk <adrianvovk at gmail.com>
Date: Thu, Mar 2, 2023 at 16:59
Subject: Re: [systemd-devel] Immutable Images: Single Data Partition
To: Lennart Poettering <lennart at poettering.net>


> /home/ with dm-integrity or OPAL for trust, TPM-bound, with homed managed
> homedirs inside that do encryption

How big is the dm-integrity write performance hit? My understanding is
that it is 2x slower, though I don't recall where I got this info.

Maybe it'd be more beneficial to push through authenticated BTRFS into
the kernel and only support BTRFS on the unencrypted home partition?
This replaces btrfs's hashes with crypto hashes keyed on whatever,
which allows us to do the equivalent of dm-integrity but w/o the
performance hit (in theory)

> With that you'd have to figure out three sizes, i.e. how to size 2/3, how
> to size 4 and how to size 5.

Yes, we're on the same page here.

> And suddenly we'd have a spec that would be particularly powerful and
> generic: you could use it for subvols, for dirs, or for loopback files, and
> mix and match freely, and it would always behave somewhat the same way

Makes sense. Is there someone I can collaborate with and/or somewhere
to go to talk about this and maybe get that TODO resolved &
implemented?

> dm-linear

Would we be able to reclaim the data if the partition shrinks? For
instance, if the user changes jobs and no longer needs containers, so
they delete many GB of containers out of /var. Will we be able to
shrink the rootfs partition and then merge chunks back into the
extension partition (or make a separate extension partition if the
disk is already fragmented)?

How would we manage the size of the filesystem? Overcommit it to the
size of the extension partition, but keep it minimal on disk? Have
adjustable headroom? Will we expect the user to adjust the headroom?

> Interesting that ChromeOS and Android came to different solutions there

Indeed

Best,
Adrian
-- 
Sent from Gmail Mobile
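The message above contrasts btrfs's ordinary checksums with "crypto hashes keyed on whatever" for an unencrypted but integrity-protected /home. The following is an added illustration, not code from the thread, systemd or btrfs: a toy Python model of per-block tags that shows why an unkeyed checksum only catches accidental corruption, while a keyed tag (the dm-integrity-with-key / authenticated-btrfs idea) also catches deliberate offline modification and block reordering. Block size, the constructed key `KEY`, and the sample data are assumptions chosen for the demo; a real deployment would get the key from the TPM-bound unlock the thread describes.

```python
import hashlib
import hmac
import zlib

BLOCK_SIZE = 4096                      # assumed block size for the toy model
KEY = b"constructed-demo-key-not-secret".ljust(32, b"\0")   # constructed key
# Constructed sample "disk" content: four deterministic 4 KiB blocks.
DATA = bytes(range(256)) * (BLOCK_SIZE * 4 // 256)


def _blocks(data, block_size=BLOCK_SIZE):
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def crc_tags(data, block_size=BLOCK_SIZE):
    # Unkeyed per-block checksums: detect bit rot, but anyone with raw disk
    # access can recompute them after changing a block.
    return [zlib.crc32(b) & 0xFFFFFFFF for b in _blocks(data, block_size)]


def verify_crc(data, tags, block_size=BLOCK_SIZE):
    return crc_tags(data, block_size) == tags


def hmac_tags(key, data, block_size=BLOCK_SIZE):
    # Keyed per-block tags. The block index is mixed into the MAC input so a
    # tag is only valid for the block at that position (no block swapping).
    tags = []
    for idx, blk in enumerate(_blocks(data, block_size)):
        msg = idx.to_bytes(8, "little") + blk
        tags.append(hmac.new(key, msg, hashlib.sha256).digest())
    return tags


def verify_hmac(key, data, tags, block_size=BLOCK_SIZE):
    expected = hmac_tags(key, data, block_size)
    if len(expected) != len(tags):
        return False
    # Constant-time comparison per block, as a real verifier would do.
    return all(hmac.compare_digest(a, b) for a, b in zip(expected, tags))


def replace_block_prefix(data, block_index, new_bytes, block_size=BLOCK_SIZE):
    """Return a copy of data with the start of one block overwritten.

    Simulates an offline write to the raw device (no key involved)."""
    start = block_index * block_size
    blk = bytearray(data[start:start + block_size])
    blk[:len(new_bytes)] = new_bytes
    return data[:start] + bytes(blk) + data[start + block_size:]


def swap_blocks(data, i, j, block_size=BLOCK_SIZE):
    blocks = _blocks(data, block_size)
    blocks[i], blocks[j] = blocks[j], blocks[i]
    return b"".join(blocks)


def demo():
    """Run the four checks and report which scheme detects what."""
    crc = crc_tags(DATA)
    mac = hmac_tags(KEY, DATA)

    # 1. A block is modified offline and the stored tags are left alone.
    edited = replace_block_prefix(DATA, 2, b"modified offline")
    # 2. The same, but the unkeyed checksums are recomputed to match.
    recomputed_crc = crc_tags(edited)
    # 3. Two blocks are swapped together with their stored tags.
    swapped = swap_blocks(DATA, 0, 1)
    swapped_crc = crc[:]
    swapped_crc[0], swapped_crc[1] = swapped_crc[1], swapped_crc[0]
    swapped_mac = mac[:]
    swapped_mac[0], swapped_mac[1] = swapped_mac[1], swapped_mac[0]

    return {
        "clean_verifies": verify_crc(DATA, crc) and verify_hmac(KEY, DATA, mac),
        "crc_detects_edit": not verify_crc(edited, crc),
        "crc_fooled_by_recompute": verify_crc(edited, recomputed_crc),
        "hmac_detects_edit": not verify_hmac(KEY, edited, mac),
        "crc_fooled_by_swap": verify_crc(swapped, swapped_crc),
        "hmac_detects_swap": not verify_hmac(KEY, swapped, swapped_mac),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point the model makes is the one behind the thread's question: without a key, an integrity layer on an unencrypted partition only protects against accidental corruption; with a key that is only released after a TPM-bound unlock, the same per-block tags become a tamper check, and binding the block index into the tag closes the block-reordering gap as well.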