You are not logged in.

#1 2013-01-09 00:54:20

martvefun
Member
From: The Internets
Registered: 2009-12-19
Posts: 179

LUKS + LVM (and TRIM) with new installation process

Hello,

I'm trying to install archlinux on my laptop using lvm over luks. I've tried to follow the two following wiki pages :

https://wiki.archlinux.org/index.php/LUKS
https://wiki.archlinux.org/index.php/Lvm

However I don't understand everything. Especially because the install process has changed recently (september I think) and with the use of systemd. For example, steps where I have to change /etc/rc.conf are no longer pertinent I guess.

So far I have :
- created 3 partitions (boot, swap, rest)
- encrypted with luks the 3rd one
- created a lvm pv, vg and lv in the decrypted partition
- mounted boot and the logical volume and started the usual installation process

I don't understand what I should change in the fstab file. How can I specify the decryption of my luks partition at boot ? what has to be adapted exactly with these recent changes ?
Also, I have a ssd. I understood I should enable TRIM but I don't understand how to do it.

Thank you in advance

Last edited by martvefun (2013-01-10 15:35:54)


English is not my native language, sorry for the mistakes
Arch amd64, GNOME, Thinkpad

Offline

#2 2013-01-09 01:01:48

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: LUKS + LVM (and TRIM) with new installation process

The device-mapper functionality at boot is achieved with the initramfs.  So this means you must include the necessary scripts.  Fortunately, the amazing devs have included hooks in mkinitpcio that will take care of this for you. 

In your case, it sounds like you need to include the lvm2 hook before the filesystems hook, and the encrypt hook before the lvm2 hook.  This is assuming that i am reading your post correctly that the lvm is on top of the encrypted partition.

Offline

#3 2013-01-09 01:53:02

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,148

Re: LUKS + LVM (and TRIM) with new installation process

If you are not encrypting swap then your data will not be secure. Are you sure that you do not wish to include swap in the lvm?

genfstab will give you a base fstab to work from. (May need editing but should be pretty good.) Just make sure everything is mounted correctly etc.

For the ssd question, please read the wiki article on this. It will take you through the relevant considerations so that you understand what the options are. There are security implications to enabling TRIM, for example. Since you are encrypting, I assume these may be relevant to you.

Last edited by cfr (2013-01-09 01:54:57)


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#4 2013-01-09 11:06:11

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,494

Re: LUKS + LVM (and TRIM) with new installation process

Agree with cfr, to keep your install safe, swap should be a part of lvm, and not be a separate partition, unless you encrypt that one too.

To tell you what I did, created 2 partitions, boot and an empty space.
Encrypt the empty space, put lvm on top of that and created my partitions, root home, var swap( and what you like to add;)
Install Arch(wiki) and add lvm2 && encrypt to the hooks, the way WonderWoofy explained!

You don't need to specify decryption of your lvm in fstab, that's all taken care of during boot process, your passwd will be asked for!
You need to define boot and partitions 'living in lvm', which is done by genfstab ( want to be on the save side?.. use UUID's for your partitions in lvm!)

You should be 'good to go' now!

Offline

#5 2013-01-09 11:16:17

martvefun
Member
From: The Internets
Registered: 2009-12-19
Posts: 179

Re: LUKS + LVM (and TRIM) with new installation process

Thank you three for your answers.

Oh right, it's better if the swap is encrypted. Concerning the security level, I am aiming at a good security level (eg: stolen laptop can not be read or can left it in hibernation without too much concerns from script kiddies) but not top level (cold boot analysis...). I have no governmental secrets to store, I just care about my privacy. I don't want to store the key on an external usb drive for example. I also read the security implication of TRIM with dm-crypt but it doesn't seem to be a big deal for my goal.

So to make sure we are talking about doing the same, if I start again, these are the steps I did:

# skip boot, loadkeys, locales, wifi...
cfdisk # create 2 partition
mkfs.ext4 /dev/sda1 -L boot
cryptsetup --cipher aes-cbc-essiv:256 --key-size 256 --hash sha256 --iter-time 1000 --use-random --verify-passphrase luksFormat /dev/sda2
...
cryptsetup luksOpen /dev/sda2 sda2_crypt
pvcreate /dev/mapper/sda2_crypt
vgcreate MyGroup /dev/mapper/sda2_crypt
lvcreate -C y -L 1G MyGroup -n lvswap
lvcreate -l +100%FREE MyGroup -n lvarch
mkswap /dev/mapper/MyGroup-lvswap
mkfs.ext4 /dev/mapper/MyGroup-lvarch -L arch
# mounting
mount /dev/mapper/MyGroup-lvarch /mnt
swapon /dev/mapper/MyGroup-lvswap
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot

Then I continue the install process (from 2.6).
1. install base system
2. genfstab
3. arch-chroot
4. usual install

But I still have problems/questions for the rest of the procedure :

For the swap partition, I would like to be able to resume from hibernation, so I need to apply the procedure With suspend to disk support I guess. However this procedure tells me to encrypt the swap partition. It means my swap partition would be luks over lvm over luks ? Am I not encrypting too much ?

# swapoff /dev/mapper/MyGroup-lvswap
# cryptsetup --cipher aes-cbc-essiv:256 --key-size 256 --hash sha256 --iter-time 1000 --use-random --verify-passphrase luksFormat /dev/mapper/MyGroup-lvswap
# cryptsetup luksOpen /dev/mapper/MyGroup-lvswap swapDevice
# mkswap /dev/mapper/swapDevice
# swapon /dev/mapper/swapDevice
# cat /lib/initcpio/hooks/openswap
# vim: set ft=sh:
run_hook ()
{
     cryptsetup luksOpen /dev/mapper/MyGroup-lvswap swapDevice --allow-discards
}

Is that correct ?

And then for the lvm/luks/trim specific :

# mkinitcpio -p linux
# nano /etc/mkinitcpio # MODULES="dm_mod" and HOOKS="... encrypt lvm2 openswap resume filesystems ..."
# mkinitcpio -p linux
# systemctl enable lvm-on-crypt
Operation failed: Invalid argument # <- error ?

edit: stupid me,  systemctl enable lvm-on-crypt.service works, I update the wiki

I wanted to be sure before continuing the procedure.

Concerning TRIM, I read here "To add support during boot, you will need to add :allow-discards to the cryptdevice option.".
This option is in /etc/grub/default, right ? So in my case I would get

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:sda2_crypt:allow-discards"

The generated /etc/fstab looks like this :

# /dev/mapper/MyGroup-lvarch
UUID=8F42... / ext4 rw,relatime,data=ordered 0 1

#/dev/sda1
UUID=dd3d... /boot ext4 rw,relatime,data=ordered 0 2

# /dev/mapper/MyGroup-lvswap
UUID=d10f... none swap defaults 0 0

I am not sure for the swap in the fstab file. If I encrypt it, should I change the entry ?
Also here, I read I should add "discard" to the first fstab line.

Last edited by martvefun (2013-01-09 13:25:15)


English is not my native language, sorry for the mistakes
Arch amd64, GNOME, Thinkpad

Offline

#6 2013-01-09 13:29:52

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,494

Re: LUKS + LVM (and TRIM) with new installation process

Right, I'm not that much of a guru') , but gonna try..
The way you created all volumes and partitions is oke, as far as I can tell..

For the swap partition, I would like to be able to resume from hibernation, so I need to apply the procedure With suspend to disk support I guess. However this procedure tells me to encrypt the swap partition. It means my swap partition would be luks over lvm over luks ? Am I not encrypting too much ?

I don't use this function cause the battery of the laptop I use encrypted, is broken!
However, I don.t believe you should encrypt it twice!

The wiki says;
To be able to resume after suspending the computer to disk (hibernate), it is required to keep the swap filesystem intact. Therefore, it is required to have a pre-existent LUKS swap partition, which can be stored on the disk or input manually at startup.

So, I don't know exactly what the author means, but should it be an encrypted volume outside lvm!? But you don't need 2, if you go for this config, don't create one in lvm.

# systemctl enable lvm-on-crypt
Operation failed: Invalid argument # <- error ?

Should be;
# systemctl enable lvm-on-crypt.service

My fstab looks like this;

# 
# <file system>	<dir>	<type>	<options>	<dump>	<pass>
tmpfs		/tmp	tmpfs	nodev,nosuid	0	0
UUID=...... /var ext4 defaults 0 2
UUID=...... / ext4 defaults 0 1
UUID=...... /home ext4 defaults 0 2
UUID=...... swap swap defaults 0 0
UUID=...... /tmp ext4 defaults 0 2
UUID=...... /boot ext2 defaults 0 2

Mind you, this is a HDD , no SSD

Actually, here is one for SSD;

]# 
# <file system>	<dir>	<type>	<options>	<dump>	<pass>
tmpfs		/tmp        tmpfs        nodev,nosuid,size=8G	0	0
# /dev/sda2
UUID=...... 	/         	ext4      	defaults,noatime,discard	0 1

# /dev/sda4
UUID=...... 	/home     	ext4      	defaults,noatime,discard,nodev,nosuid	0 2

# /dev/sda3
UUID=...... 	/var      	ext4      	defaults,noatime,discard,nodev,nosuid,noexec	0 2

# /dev/sda1
......         	/boot/efi 	vfat      	defaults,noatime,discard,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro	0 2

edit:
Forgot this one')

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:sda2_crypt:allow-discards"

Shouldn't you add this to your kernel line, like this;

linux /vmlinuz-linux  root/dev/mapper/your_LVM_ROOT ro cryptdevice=/dev/sda2:sda2_crypt:allow-discards" ro quiet

edit: tidy up && remove useless info

Last edited by qinohe (2013-01-09 14:17:22)

Offline

#7 2013-01-09 14:31:43

martvefun
Member
From: The Internets
Registered: 2009-12-19
Posts: 179

Re: LUKS + LVM (and TRIM) with new installation process

Thanks, I achieved one step further smile

I finished installing the base system and succeeded to boot. However when I enter my passphrase, the keyboard is set to en_US.

I have also an error when I enter the correct passphrase :

Usage: cryptsetup ...
--allow-discard: unknown-option

It's maybe related to the swap configuration (I got also an error "/dev/mapper/swapDevice not found" while booting)

I will try with a regular swap file.

Also do you put something in your /etc/crypttab ? I saw a warning "Using a passphrase to decrypt LUKS partitions automatically from /etc/crypttab is deprecated" but I don't know if it means I should not use this file.

Last edited by martvefun (2013-01-09 15:12:06)


English is not my native language, sorry for the mistakes
Arch amd64, GNOME, Thinkpad

Offline

#8 2013-01-09 15:06:00

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,494

Re: LUKS + LVM (and TRIM) with new installation process

I finished installing the base system and succeeded to boot. However when I enter my passphrase, the keyboard is set to en_US.

This is normal behavior, if you don't specify a locale it defaults to en_US! , nice, you managed  to install;)

I have also an error when I enter the correct passphrase :
Usage: cryptsetup ...
--allow-discard: unknown-option

It's maybe related to the swap configuration (I got also an error "/dev/mapper/swapDevice not found" while booting)

I think it's because you encrypted swap twice!
Could you post your kernel line?
Somehow I Think!, you didn't use allow-discard the right way,)

Also do you put something in your /etc/crypttab ? I saw a warning "Using a passphrase to decrypt LUKS partitions automatically from /etc/crypttab is deprecated" but I don't know if it means I should not use this file.

No, I didn't change anything, maybe there was a pacnew for that a while ago, I don't recall..
But if you want, here's mine:

# <name>       <device>         <password>              <options>
# home         /dev/hda4        /etc/mypassword1
# data1        /dev/hda3        /etc/mypassword2
# data2        /dev/hda5        /etc/cryptfs.key
# swap         /dev/hdx4        /dev/urandom            swap,cipher=aes-cbc-essiv:sha256,size=256
# vol          /dev/hdb7        none

edit: you edited your edit, I wait for your answer hmm

Last edited by qinohe (2013-01-09 15:11:34)

Offline

#9 2013-01-09 15:11:46

martvefun
Member
From: The Internets
Registered: 2009-12-19
Posts: 179

Re: LUKS + LVM (and TRIM) with new installation process

For the keyboard indeed : fixed by adding "keymap" before "encrypt" in the hooks' list and configuring the keyboard for xorg (not sure which one did the trick)

Ok I set the swap as /dev/mapper/MyGroup-lvswap instead of another luks drive and removed the hooks openswap.
It seems to work, I can boot correctly (I have the graphics that crash as soon as I am logged in but I think it's related to xorg and e17.)

By kernel line, you mean the one for grub ?

linux /vmlinuz-linux root=/dev/mapper/MyGroup-lvarch ro cryptdevice=/dev/sda2:sda2_crypt:allow_discards resume=/dev/mapper/MyGroup-lvswap quiet

I will check if the swap is correctly loaded once I fix my problem with e17 but if nobody tells me I did something wrong, I will put this thread as solved smile

(sorry I changed my previous edit. I was not sure you saw it and for better clarity I preferred put it in a new response)

edit: when starting I see

Encryption option 'allow_discards' not known, ignoring

A password is required to access the sda2_crypt volume:
Enter passphrase for /dev/sda2: 

Last edited by martvefun (2013-01-09 15:34:27)


English is not my native language, sorry for the mistakes
Arch amd64, GNOME, Thinkpad

Offline

#10 2013-01-09 15:59:23

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,494

Re: LUKS + LVM (and TRIM) with new installation process

martvefun wrote:

For the keyboard indeed : fixed by adding "keymap" before "encrypt" in the hooks' list and configuring the keyboard for xorg (not sure which one did the trick)

Nice. but I don't have that one added and it still works?)

Ok I set the swap as /dev/mapper/MyGroup-lvswap instead of another luks drive and removed the hooks openswap.
It seems to work, I can boot correctly (I have the graphics that crash as soon as I am logged in but I think it's related to xorg and e17.)

Still, something bothers me about your swap... graphics is something different, yes!

By kernel line, you mean the one for grub ?

linux /vmlinuz-linux root=/dev/mapper/MyGroup-lvarch ro cryptdevice=/dev/sda2:sda2_crypt:allow_discards resume=/dev/mapper/MyGroup-lvswap quiet

Yeah, that's the one..
I think this part:>resume=/dev/mapper/MyGroup-lvswap , should go elsewhere..

Read this part of the wiki Additional arguments

I will check if the swap is correctly loaded once I fix my problem with e17 but if nobody tells me I did something wrong, I will put this thread as solved smile

I don't think you did something wrong, just everything you do for the first time, well need to learn;)..., by the way, I saw in your first post, about the new way, I think installing Arch the new way.. is a good way, I love it like that, full control in a nice way, and easier to handle than Gentoo , no flame intended;)!

edit: when starting I see
Encryption option 'allow_discards' not known, ignoring

A password is required to access the sda2_crypt volume:
Enter passphrase for /dev/sda2:

First:Yeah, you saw my part on that one two quotes back?Second: It's correct to answer that question with your passwd.

(sorry I changed my previous edit. I was not sure you saw it and for better clarity I preferred put it in a new response)

Heh:) yeah I checked back and it was gone, so I thought well I just wait....and put it in my post;)
Once you made one better leave it, until it's useless!)

Last edited by qinohe (2013-01-09 16:12:07)

Offline

#11 2013-01-09 16:44:41

martvefun
Member
From: The Internets
Registered: 2009-12-19
Posts: 179

Re: LUKS + LVM (and TRIM) with new installation process

qinohe wrote:

Yeah, that's the one..
I think this part:>resume=/dev/mapper/MyGroup-lvswap , should go elsewhere..

Read this part of the wiki Additional arguments

I put the resume line in the grub as specified on the page you gave

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:sda2_crypt:allow_discards resume=/dev/mapper/MyGroup-lvswap"

which generated the line in grub.cfg I gave.
Where would you put it ?

I don't think you did something wrong, just everything you do for the first time, well need to learn;)..., by the way, I saw in your first post, about the new way, I think installing Arch the new way.. is a good way, I love it like that, full control in a nice way, and easier to handle than Gentoo , no flame intended;)!

Maybe it's better for the personnalisation of the system but it's harder to install than before. Anyway, I think I just need to get used to it. smile

First:Yeah, you saw my part on that one two quotes back?Second: It's correct to answer that question with your passwd.

Yes it's normal that the password is asked, my question was more about the error before (which may indicate a problem with TRIM/swap).

And no, sorry I hadn't see your edit. So my grub configuration is given above


English is not my native language, sorry for the mistakes
Arch amd64, GNOME, Thinkpad

Offline

#12 2013-01-09 17:03:50

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,494

Re: LUKS + LVM (and TRIM) with new installation process

linux /vmlinuz-linux root=/dev/mapper/MyGroup-lvarch ro cryptdevice=/dev/sda2:sda2_crypt:allow_discards ro 

Leave this as your kernel line in grub.cfg! Although I think that ':allow_discards ' needs a different place too!)

wiki wrote:

cryptdevice=/dev/mapper/root:root:allow-discards

So it is the right place, but yours uses an '_' while it should be a '-'
Or in human language change the underscore for a score!)

resume=/dev/mapper/MyGroup-lvswap"

and this in /etc/default/grub, you will see it's the right place')
Like this:

GRUB_CMDLINE_LINUX="resume=/dev/sdaX"

or with UUID of course,)

Last edited by qinohe (2013-01-09 17:19:16)

Offline

#13 2013-01-09 23:11:42

martvefun
Member
From: The Internets
Registered: 2009-12-19
Posts: 179

Re: LUKS + LVM (and TRIM) with new installation process

Oh right, I hadn't seen the difference between the two. Thanks.

Now it boot correctly, I have a swap enabled (at least that's what "free -m" shows me). Any idea how I could check if TRIM works ? (boot too fast, I have no time to check for error messages smile )


English is not my native language, sorry for the mistakes
Arch amd64, GNOME, Thinkpad

Offline

#14 2013-01-10 02:20:08

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,148

Re: LUKS + LVM (and TRIM) with new installation process

I didn't think TRIM worked correctly with an MBR table? Don't you need to be using GPT?

By the way you don't need to enable the systemd service at all given the way you've set up your system. Same for crypttab etc. Think about it this way: if that stuff was necessary, it would be useless because by the time it can be read, the LUKS container must already have been decrypted. That stuff is only relevant if root is *not* on the encrypted partition.

Also, I don't think discard is supported on fat 32 file systems, is it?

Caveat: I don't own a ssd and never have. I've only ever set one up once.

Last edited by cfr (2013-01-10 02:21:48)


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#15 2013-01-10 06:03:00

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: LUKS + LVM (and TRIM) with new installation process

@cfr, yeah I didn't think discards were supported in fat filesystems either, but after perusing the mount man page, I found out that they are.  What vfat won't let you do is use fstrim to discard unused blocks in a batch.

As far as TRIM and mbr vs gpt, I have no idea.  I have been using GPT since far before my first SSD, so I cannot comment on that.  I see no reason why it wouldn't work, as most of those devices are marketed to be windows friendly (like everything), and it is apparent that until very recently most windows systems were using bios boot and therefore mbr partitioning.

@martvefun, see here to find a link for a way to test the functionality of TRIM.  The instructions assume a nonencrypted device, but I figure if you are specifying "allow-discards" on your LUKS partitions, it should function in the same way.

Offline

#16 2013-01-10 12:10:17

martvefun
Member
From: The Internets
Registered: 2009-12-19
Posts: 179

Re: LUKS + LVM (and TRIM) with new installation process

@cfr : All the commands using "systemd enable..." works only after the partition decrypted and loaded ? If so Indeed, systemd configuration for lvm is probably useless.
So it means the only relevant parts for my configuration are te one related to grub and mkinitcpio ?
By the way, how is it the system knows my keyboard layout if I specify it in xorg and vconsole files ?

I don't use FAT32 file system, I use EXT4.

For the table partition, I have never used something else than MBR. Should I change ?

I am not so much keen with the idea of reinstalling everything now but if I have to do it, let's do it before I do too much configuration smile

@WonderWoofy : I tried the manipulation but the first 'hdparm --read-sector' returns only empty sectors. Would it be related to the fact the partition is encrypted (but then I was excpecting random junk actually).

However, on this post How to Activate TRIM on LUKS Encrypted Partitions in Ubuntu & Debian, I see they give another command to check if it's enable

$ sudo dmsetup table /dev/mapper/sda2_crypt --showkeys
0 249583634 crypt aes-cbc-essiv:sha256 f7[... ]95 0 8:2 4096 1 allow_discards

The "1 allow_discards" would mean I am all set then ? (and I even achieved the impressive time of 3 second from promp of luks password to e17 desktop ready, so encrypting doesn't seem to slow down the laptop that much)

Last edited by martvefun (2013-01-10 12:55:55)


English is not my native language, sorry for the mistakes
Arch amd64, GNOME, Thinkpad

Offline

#17 2013-01-10 15:10:10

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: LUKS + LVM (and TRIM) with new installation process

martvefun, I'm sorry I guess I just misinterpreted your question.  I think what you were asking is how to check to make sure that allow_discards was actually set, not is my TRIM actually zeroing out the unused blocks on delete.  If that is the case, then yes, that feedback from dmsetup is telling you what you want to know.

Also, I honestly think you are a-okay with mbr partitioning, but only like 98.312% so.  The systemctl enable commands are only applicable if you have device-mapper partitions/block devices that have not been assembled after booting.  By using the crypt and lvm2 (and mdadm_udev) in your mkinitcpio, the initramfs is assembling these devices.  Since you are using LVM2 on top of your LUKS setup, you only have one real partition to decrypt.

In the event that you had either separately encrypted root, home, var, etc. or crypt on top of LVM2 (in which case it would again be separately encrypted partitions), you would need to have the initramfs handle those things still, but you would then also have to have a vaild /etc/crypttab file that would tell systemd how to decrypt the rest of the filesystem.  The crypttab works much like the fstab, where it is parsed by systemd and proper systemd-cryptsetup@.services would be created for you and run.

Last edited by WonderWoofy (2013-01-10 15:18:41)

Offline

#18 2013-01-10 15:32:50

martvefun
Member
From: The Internets
Registered: 2009-12-19
Posts: 179

Re: LUKS + LVM (and TRIM) with new installation process

What I want is to activate TRIM as it says it improves the performances of an SSD by cleaning unused data.
The command I did above or a simple "dmesg | grep discard"  shows indeed that allow-discard is activated. Now does that mean that TRIM is indeed working ? I don't know. I discovered the concept of TRIM two days ago so it's kind of new to me.

What I don't understand is why the manipulation in your link is not working

# for i in {10001..10200}; do echo "$i test line" >> testfile.txt; done
# sync
# hdparm --fibmap testfile.txt 

testfile.txt:
 filesystem blocksize 4096, begins at LBA 0; assuming 512 byte sectors.
 byte_offset  begin_LBA    end_LBA    sectors
           0  235145336  235145343          8
# hdparm --read-sector 235145336 /dev/sda

/dev/sda:
reading sector 235145336: succeeded
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
...
0000 0000 0000 0000 0000 0000 0000 0000

I found somebody else that has the same results as me with an almost similar configuration (luks over lvm and not lvm over luks)
http://www.saout.de/pipermail/dm-crypt/ … 02168.html

I don't understand really well the answer but I noticed this

Moreover, if you have TRIM enabled, you should see "allow_discards"
in mapping table for LUKS. Otherwise TRIM is blocked.

So it's enabled in my configuration but can I deduce it is working ?

Edit: thank you for the explanations about crypttab and systemctl. I start to get an idea of the concepts now smile

Update: I may have a lead, an error of computation ?
http://blog.alexanderkoch.net/2011/test … ks-on-lvm/

# for i in {10001..10200}; do echo "$i test line" >> testfile.txt; done
# sync
# hdparm --fibmap testfile.txt 

testfile.txt:
 filesystem blocksize 4096, begins at LBA 0; assuming 512 byte sectors.
 byte_offset  begin_LBA    end_LBA    sectors
           0  159649504  159649511          8

# dmsetup table
MyGroup-lvswap: 0 2097152 linear 254:0 2048
sda2_crypt: 0 249583634 crypt aes-cbc-essiv:sha256 0[...]0 0 8:2 4096 1 allow_discards
MyGroup-lvarch: 0 247480320 linear 254:0 2099200
# fdisk -l /dev/sda

Disk /dev/sda: 128.0 GB, 128035676160 bytes, 250069680 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0e23a912

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *          63      481949      240943+  83  Linux
/dev/sda2          481950   250069679   124793865   83  Linux

So if my computations are correct : 159649504 + 2099200 + 4096 + 481950 = 162234750

# hdparm --read-sector 162234750 /dev/sda
/dev/sda:
reading sector 162246438: succeeded
ec34 1f18 5b0f 62c2 62d2 aeae 8aa1 1421
...
# rm testfile.txt
# sync
# hdparm --read-sector 162234750 /dev/sda
/dev/sda:
reading sector 162246438: succeeded
ec34 1f18 5b0f 62c2 62d2 aeae 8aa1 1421
...

Either TRIM is not working, either I am not using the correct values

Last edited by martvefun (2013-01-10 16:41:51)


English is not my native language, sorry for the mistakes
Arch amd64, GNOME, Thinkpad

Offline

#19 2013-01-10 19:51:41

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,482

Re: LUKS + LVM (and TRIM) with new installation process

Try your last exercise without adding the start sector of sda2 (481950).

edit: Another thing  - I am wondering if you have to take account of the offset of the lv-swap in your setup.
You can also use "fstrim -v" on the command line. It gives you feedback.

Last edited by Strike0 (2013-01-10 20:06:30)

Offline

#20 2013-01-10 20:19:58

martvefun
Member
From: The Internets
Registered: 2009-12-19
Posts: 179

Re: LUKS + LVM (and TRIM) with new installation process

No only zeroes without this value. I tired a few other combination but couldn't find one working. Maybe using other parameters ?


English is not my native language, sorry for the mistakes
Arch amd64, GNOME, Thinkpad

Offline

#21 2013-01-10 22:08:54

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,482

Re: LUKS + LVM (and TRIM) with new installation process

martvefun wrote:

No only zeroes without this value. I tired a few other combination but couldn't find one working. Maybe using other parameters ?

Which parameters you refer to now?
Whats the output of fstrim, is it positive?

If you cant figure the offset out for your case, you can "brute-force" it as well by filling up the partition with random data, selecting a sector in the middle and then delete it again: https://wiki.archlinux.org/index.php/LU … disk_drive

Offline

#22 2013-01-10 22:42:40

martvefun
Member
From: The Internets
Registered: 2009-12-19
Posts: 179

Re: LUKS + LVM (and TRIM) with new installation process

I tried with and without the offset from fdisk (481950) and with and without the value from dmsetup table (2099200+4096)

Ok so I tried generating 1GB of random data. I got from begin_LBA 9125888 to end_LBA 11452415. So I tried look at the four combinations I see)
- 9125888
- 11711134 (9125888 + 2099200 + 4096 + 481950)
- 11229184 (9125888 + 2099200 + 4096)
- 9607838 (9125888 + 481950)
For the four values, I got random bytes before and after removing the data and doing sync.

What does fstrim ? I tried "fstrim ." in the repository where was the file but I got no output and same results with the four "hdparm --read-sector".

Last edited by martvefun (2013-01-10 23:40:16)


English is not my native language, sorry for the mistakes
Arch amd64, GNOME, Thinkpad

Offline

#23 2013-01-11 00:11:28

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,148

Re: LUKS + LVM (and TRIM) with new installation process

Note: I don't think GPT is required for TRIM. I knew there was some reason to use it on an SSD but I think it may just be that it makes alignment easier, though I'm not certain about this.

Very surprised about vfat and TRIM. I've read the bit in the manual page now and I'm still not sure I believe it...


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#24 2013-01-11 05:42:41

roentgen
Member
Registered: 2011-03-15
Posts: 91

Re: LUKS + LVM (and TRIM) with new installation process

martvefun,

You need to pass --allow-discards at the luks device *creation*.
Than enable it at boot with cryptdevice=UUID=6dd....b17:lvmname:allow-discards in the kernel line.
Further more I guess it's needed also in /etc/lvm/lvm.conf with the line issue_discards = 1. Redo your initramfs with mkinitcpio after this change.

Please tell me how it goes.

Offline

#25 2013-01-11 10:04:15

martvefun
Member
From: The Internets
Registered: 2009-12-19
Posts: 179

Re: LUKS + LVM (and TRIM) with new installation process

@roentgen : at the creation ? In the man page, I see the option --allow-discards defined as

       --allow-discards
              Allow using of discards (TRIM) requests for device.  This option
              is only relevant for create, luksOpen or loopaesOpen.

I created my partition using "luksFormat" as explained in the wiki page, not "create". If I understand correctly, the option "create" is for "plain" format (they explain here, at 2.2, the difference, not sure it's a god idea to use it, I will need other changes after ?). It seems strange to me that they provide the --allow-discards option for luksOpen but not luksFormat if you need it at the creation to be effective (don't know if I am clear).

I will try with the change in lvm and let you know

Update: when only changing "issue_discards = 1", I got random bytes at <--fibmap> + <fdisk> + <dmsetup> (zeroes for the 3 other combinations) but same data after removing the file.

Last edited by martvefun (2013-01-11 10:15:15)


English is not my native language, sorry for the mistakes
Arch amd64, GNOME, Thinkpad

Offline

Board footer

Powered by FluxBB