luks-setup() {
local luksdev="$1"
local cryptname="$2"
+ local sector_arg
# when we move to newer than trisquel 9, we can remove --type
# luks1. We can also check on cryptsetup --help | less /compil to see
# about the other settings. Default in debian 9 is luks2. You can
# luksAddKey --pbkdf pbkdf2 then remove the new format keys with
# cryptsetup luksRemoveKey then cryptsetup convert DEV --type luks1,
# then readd old keys and remove temp.
- yes YES | cryptsetup luksFormat $luksdev $luks_file || [[ $? == 141 ]]
+
+ # per https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.8/v2.8.0-ReleaseNotes
+ # and
+ # https://wiki.archlinux.org/title/Advanced_Format#NVMe_solid_state_drives
+ # and if sector arg was not given, that can be fixed. First, check that it is 1mib aligned,
+ # eg. parted -m /dev/mapper/crypt-vgnvme-WD_BLACK_SN850X_8000GB_245244802091-root unit MiB print
+ # Then cryptsetup reencrypt --sector-size 4096 device
+ if [[ $luksdev == *nvme* ]]; then
+ sector_arg="--sector-size 4096"
+ fi
+ yes YES | cryptsetup luksFormat $sector_arg $luksdev $luks_file || [[ $? == 141 ]]
yes "$lukspw" | \
cryptsetup luksAddKey --key-file $luks_file \
$luksdev || [[ $? == 141 ]]
if $data_part; then
vg=${vgs[0]}
cat >/tmp/fai/crypttab <<EOF
-crypt-$vg-data /dev/$vg/data /mnt/root/q/root/luks/iank nofail,discard,luks
+crypt-$vg-data /dev/$vg/data /q/root/luks/iank nofail,discard,luks
EOF
cat >/tmp/fai/fstab <<EOF
/dev/mapper/crypt-$vg-data /mnt/dataTBD btrfs nofail,$fstabstd,noatime,subvolid=0$mopts 0 0
target_etc=/tmp/fai
if [[ $HOSTNAME == frodo ]]; then
cat >>$target_etc/crypttab <<EOF
-crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf} /dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf} /mnt/root/q/root/luks/iank discard,luks
-crypt_dev_ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /dev/disk/by-id/ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /mnt/root/q/root/luks/iank discard,luks
-crypt_dev_ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /dev/disk/by-id/ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /mnt/root/q/root/luks/iank discard,luks
+crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf} /dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf} /q/root/luks/iank discard,luks
+crypt_dev_ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /dev/disk/by-id/ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /q/root/luks/iank discard,luks
+crypt_dev_ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /dev/disk/by-id/ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /q/root/luks/iank discard,luks
EOF
cat >> $target_etc/fstab <<EOF
# r7 = root partition7. it isnt actually #7 anymore, not a great name, but whatever
rerootfs=true
fi
+# crypttab discard makes discard be allowed, but also an automatic mount
+# option, but periodic trim is better for perf.
+mopts=,nodiscard
if (($(nproc) > 2)); then
- mopts=,compress=zstd
+ mopts+=,compress=zstd
fi
-# Use conservative btrfs mount settings for single disk x200. I got this
-# error below on intel drive and I had several errors on a crucial
-# enterprise drive after sudden power off due to low battery.
-#
-# nodiscard based on
-# https://lore.kernel.org/linux-btrfs/d76a88d8-4262-4db4-88fd-d230139a98e0@gmx.com/
-#
-# flushoncommit based on the man page info it sounds sensible.
-#
-# Nov 25 07:28:04 x3 kernel: BTRFS error (device dm-4): bad tree block start, mirror 1 want 358059982848 have 12696086966779840503
-# Nov 25 07:28:04 x3 kernel: BTRFS error (device dm-4 state A): Transaction aborted (error -5)
-# Nov 25 07:28:04 x3 kernel: BTRFS: error (device dm-4 state A) in btrfs_drop_snapshot:6162: errno=-5 IO failure
-#
-#
-# smartctl -a /dev/sda
-# ....
-# Model Family: Intel S4510/S4610/S4500/S4600 Series SSDs
-# Device Model: INTEL SSDSC2KB038T7
-# Firmware Version: SCV10150
-
if [[ $HOSTNAME == x[23] ]]; then
- mopts=,nodiscard,flushoncommit
mopts_o=$mopts,compress=zstd
else
mopts_o=$mopts
iankelling.org / git / automated-distro-installer / commitdiff