Bug#678015: debian-installer: Guided partitioning took 26 hours to complete erasure of encripted LVM volume

To: 678015@bugs.debian.org, 721360@bugs.debian.org
Subject: Bug#678015: debian-installer: Guided partitioning took 26 hours to complete erasure of encripted LVM volume
From: Agustin Martin <agmartin@debian.org>
Date: Wed, 2 Oct 2013 16:22:30 +0200
Message-id: <[🔎] 20131002142230.GA5788@agmartin.aq.upm.es>
Reply-to: Agustin Martin <agmartin@debian.org>, 678015@bugs.debian.org
In-reply-to: <20120823110031.GA22095@spike.0x539.de>
References: <874nnueykl.fsf@anar.lloke.localnet> <20120823110031.GA22095@spike.0x539.de>

On Thu, Aug 23, 2012 at 01:00:31PM +0200, Philipp Kern wrote:
> On Thu, Aug 23, 2012 at 12:40:10PM +0300, Riku Saikkonen wrote:
> >  - Does this step write random data or only 0s to the disk? (I think
> >    messages #15 and #35 in this bug report show that this is not clear
> >    to the users.)
> 
> It writes 0s to the encrypted container which results in random data on disk
> (which is by design).

(sending also to #721360, should probably be merged with this bug report)

Hi, sharing my experiences here,

I recently noticed this slowness when erasing a 300GB volume. Erasing from
debian-installer looked really slow.

I did some tests with a 1GB volume and /dev/urandom, resulting in
~0.5GB/min, that means at least 10 hours expected. Later noticed that zeros
are written to the encripted volume, as pointed out above, but unfortunately
I did not test with debian-installer and the original 1GB test volume and I
no longer have that box for testing, so I do not know the actual times for
debian-installer in that 1GB reference volume.

However, looking at faster ways to do this, I found this reference

http://www.globallinuxsecurity.pro/quickly-fill-a-disk-with-random-bits-without-dev-urandom/

claiming to be a faster method when CPU has AES suport. Indeed, with this
method and the script (uptime only used to know the times)

------------ 8< -------------------------------
#!/bin/sh

set -x

cryptsetup luksFormat $1 || exit 1
cryptsetup luksOpen $1 cryptodev || exit 1
cat /proc/uptime
dd if=/dev/zero bs=1M of=/dev/mapper/cryptodev
cryptsetup luksClose cryptodev
dd if=/dev/urandom bs=1M count=2 of=$1
cat /proc/uptime
------------ 8< -------------------------------

I wrote the 300GB volume in ~1.5 hours, something I find reasonable. Do not
know about the randomness quality, but this method seems to do something
similar to what partman-crypto is doing, although in a way that is aware of
CPU AES support. Note that I did this from a shell inside debian-installer,
with no extra packages installed.

Regards,

-- 
Agustin

Reply to:

Prev by Date: partman-crypto_63_i386.changes ACCEPTED into unstable
Next by Date: Bug#678015: speed improvements
Previous by thread: partman-crypto_63_i386.changes ACCEPTED into unstable
Next by thread: Bug#678015: speed improvements
Index(es):
- Date
- Thread