-
Notifications
You must be signed in to change notification settings - Fork 562
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
vendor: move to snapshot-4c814e1 branch and set fixed KDF options #10591
Conversation
This commit moves our secboot code to the `snapshot-4c814e1` branch that contains fixes around the KDF benchmarking. This will improve the install performance.
Looks like we need to adapt our code, too. Let me know if you are busy and would like me to do it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks ok to me
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm but one doubt
@@ -53,6 +53,10 @@ func (s *encryptSuite) TestFormatEncryptedDevice(c *C) { | |||
c.Assert(opts, DeepEquals, &sb.InitializeLUKS2ContainerOptions{ | |||
MetadataKiBSize: 2048, | |||
KeyslotsAreaKiBSize: 2560, | |||
KDFOptions: &sb.KDFOptions{ | |||
MemoryKiB: 32768, TargetDuration: 0, | |||
ForceIterations: 4, Parallel: 0, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
from the cryptsetup docs is not super clear if Parallel must be set as well when setting ForceIterations or not. I suppose we need to test the effect of this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It doesn't need to be set - it defaults to the maximum (4) if it's unset. In all cases, it's then adjusted down if there are fewer CPUs. The only requirement is that you can't try to set it to zero.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only for context:
which probably translates to 4 or 1 in real world I'd imagine. Apart of intel there are not many under 4 cores devices. On arm we either see 4+ or 1 in very low power devices.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me
@@ -53,6 +53,10 @@ func (s *encryptSuite) TestFormatEncryptedDevice(c *C) { | |||
c.Assert(opts, DeepEquals, &sb.InitializeLUKS2ContainerOptions{ | |||
MetadataKiBSize: 2048, | |||
KeyslotsAreaKiBSize: 2560, | |||
KDFOptions: &sb.KDFOptions{ | |||
MemoryKiB: 32768, TargetDuration: 0, | |||
ForceIterations: 4, Parallel: 0, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only for context:
which probably translates to 4 or 1 in real world I'd imagine. Apart of intel there are not many under 4 cores devices. On arm we either see 4+ or 1 in very low power devices.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
This commit moves our secboot code to the
snapshot-4c814e1
branchthat contains fixes around the KDF benchmarking. This will improve
the install performance.