debian

Debian LVM Encryption takes forever

Well, I was hoping to tinker tonight with a little netbook I am installing Debian on via unetbootin┬ábut it’s taking a really long time.

I of course want to use an encrypted LVM and was interested in the guided version of the install. It was very intuitive and after setting up a separate partition for / and /home (i think doing separate partitions for /usr /tmp etc. is overkill unless you are running a server or something) the process was underway. When it got to the point of deleting the disk (partition 5), it hung at 0%.

After about 10 minutes I figured it had crashed and did a bit if research. It appears that when you ask Debian to create an encrypted LVM it takes no chances by writing 0s to the entire disk before install. With this being the seemingly unavoidable default of the guided LVM encryption, security is paramount but the length of time it takes is a problem. As you can see in this bug report, it’s a combined issue of a bug in partman-crypto (specifically blockdev-wipe which is implemented to write 0s to the disk) and a bad installer design. Apparently you can “skip” the process by clicking “cancel”. With installers I generally try not to hit cancel unless I want to…cancel.┬áThe blockdev-wipe bug is evidently a throughput issue. They increased the block size from 64k to 512k among a few other tweaks to increase performance 10x+.

I’m still a bit confused as to when patches get applied to what packages. I’m sure the stable package I’ve got doesn’t include the fix because its only a few months old but I wish I had a more accurate way to find a schedule/patch-to-package reference.

Leave a Reply

Your email address will not be published. Required fields are marked *