On Mon, Jun 5, 2023 at 11:09 AM Lennart Poettering <lenn...@poettering.net> wrote:
> On Mo, 05.06.23 10:41, Valentin David (valentin.da...@canonical.com) > wrote: > > > On Mon, Jun 5, 2023 at 9:56 AM Lennart Poettering < > lenn...@poettering.net> > > wrote: > > > > > On So, 04.06.23 14:25, Valentin David (valentin.da...@canonical.com) > > > wrote: > > > > > > > I have been trying to create a root partition from initrd with > > > > systemd-repart. The repart.d file for this partition is as follow: > > > > > > > > [Partition] > > > > Type=root > > > > Label=root > > > > Encrypt=tpm2 > > > > Format=ext4 > > > > FactoryReset=yes > > > > > > > > I am just using systemd-repart.service in initrd, without > modification > > > > (that is, it finds the disk from /sysusr/usr). Even though this is > > > working, > > > > the problem I have is that it takes a very long time for the > partition to > > > > be created. Looking at the logs, it spends most of time in the > > > > reencryption. > > > > > > reencryption? We don't do any reencrytion really. i.e. we do not > > > actually support anything like "cryptsetup reencrypt" at all. All we > > > do is the equivalent of "cryptsetup luksFormat". Are you suggesting > > > that repart is slower at formatting a block device via LUKS than > > > invoking cryptsetup directly would be? I'd find that very surprising... > > > > > > > This is what it looks like in src/partition/repart.c. Function > > partition_encrypt calls sym_crypt_reencrypt_init_by_passphrase and > > then sym_crypt_reencrypt. > > And make_filesystem is called before partition_encrypt. So it must > > reencrypt since mkfs was called before. > > Oh, fuck, yeah, Daan added that. > > This is a bug really. > I will open an issue on github then.
