You are not logged in.
Pages: 1
During boot, unlocking the encrypted boot partition is very slow:
# systemd-analyze blame
14.579s systemd-cryptsetup@cryptboot.service
[...]
Checking some things doesn't reveal any issues on the running system:
# time cryptsetup luksOpen --test-passphrase --verbose /dev/nvme0n1p2
Enter passphrase for /dev/nvme0n1p2:
Key slot 0 unlocked.
Command successful.
0.25s user 0.01s system 7% cpu 3.503 total
# time cryptsetup luksOpen --test-passphrase --verbose --key-file /etc/bootkey /dev/nvme0n1p2
Key slot 1 unlocked.
Command successful.
0.48s user 0.00s system 93% cpu 0.514 total
And this is how the LUKS setup looks like:
# cryptsetup luksDump /dev/nvme0n1p2
LUKS header information for /dev/nvme0n1p2
Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha256
Payload offset: 32768
MK bits: 512
MK digest: 74 5f 7d 2e 7f 13 20 cd 3e 75 1f 11 a8 fa e9 9b 1c b9 62 68
MK salt: b9 60 4f f6 87 3c 01 4a 0d 2e b3 e7 56 ae d3 8c
6f 16 5b bb a5 ff b4 31 c3 ab d9 0a 43 4f d3 c1
MK iterations: 385505
UUID: 78ef6142-143f-4e67-911c-044c1bf67dfb
Key Slot 0: ENABLED
Iterations: 500000
Salt: a0 49 36 1a 2f c7 97 c8 f5 3a 3f d6 6f 8f 29 00
61 eb a5 f3 6b ee 07 ff bc 6e 48 2f 15 98 47 7c
Key material offset: 1016
AF stripes: 4000
Key Slot 1: ENABLED
Iterations: 500000
Salt: bf 4f 4f 55 34 d9 92 96 6d 75 2f db 2d 22 dc a3
8a f5 a5 3d 97 80 52 b0 92 73 41 05 07 f8 f6 68
Key material offset: 8
AF stripes: 4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
LUKS v1 because of GRUB... And GRUB is relatively fast in unlocking this partition (2-3s).
Any idea what I could do to bring the "systemd-cryptsetup@cryptboot.service" down to a few seconds?
Offline
The systemd-analyze blame output isn't really comparable to the others because decrypting boot may be waiting on other things to finish first, whereas in all the other cases, decrypting boot is the only thing being done. So it isn't clear there's anything here to solve. Unlike GRUB, systemd is just piggybacking on the standard cryptsetup etc., as far as I know.
CLI Paste | How To Ask Questions
Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L
Online
Pages: 1