Bug#1033688: installation-reports: full-disk encryption partitioning takes way too long

[Andres Salomon <dilinger@queued.net>]

This didn't make it to the list due to attachment size. For 
attachments, see
https://bugs.debian.org/1033688

On Thu, Mar 30 2023 at 02:36:48 AM -04:00:00, Andres Salomon 
<dilinger@queued.net> wrote:
> Package: installation-reports
>
> Boot method: usb stick
> Image version: March 26 2023 image 
> (https://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/amd64/iso-cd/debian-testing-amd64-netinst.iso)
> Date: March 30th 2023  02:30am
>
> Machine: Dell Latitude E7470
> Processor: Intel i5-6300U
> Memory: 16GB
> Partitions:
>
> Disk /dev/nvme0n1: 238.47 GiB, 256060514304 bytes, 500118192 sectors
> Disk model: Micron 2200S NVMe 256GB
> Units: sectors of 1 * 512 = 512 bytes
> Sector size (logical/physical): 512 bytes / 512 bytes
> I/O size (minimum/optimal): 512 bytes / 512 bytes
> Disklabel type: gpt
> Disk identifier: EB75FC3A-C6E7-444E-BAB5-1255ABE5BF4D
>
> Device           Start       End   Sectors   Size Type
> /dev/nvme0n1p1    2048   1050623   1048576   512M EFI System
> /dev/nvme0n1p2 1050624   2050047    999424   488M Linux filesystem
> /dev/nvme0n1p3 2050048 500117503 498067456 237.5G Linux filesystem
>
>
> Output of lspci -knn (or lspci -nn):
>
> 00:00.0 Host bridge [0600]: Intel Corporation Xeon E3-1200 v5/E3-1500 
> v5/6th Gen Core Processor Host Bridge/DRAM Registers [8086:1904] (rev 
> 08)
> 	Subsystem: Dell Latitude E7470 [1028:06dc]
> 	Kernel driver in use: skl_uncore
> 00:02.0 VGA compatible controller [0300]: Intel Corporation Skylake 
> GT2 [HD Graphics 520] [8086:1916] (rev 07)
> 	DeviceName:  Onboard IGD
> 	Subsystem: Dell Latitude E7470 [1028:06dc]
> 	Kernel driver in use: i915
> 	Kernel modules: i915
> 00:04.0 Signal processing controller [1180]: Intel Corporation Xeon 
> E3-1200 v5/E3-1500 v5/6th Gen Core Processor Thermal Subsystem 
> [8086:1903] (rev 08)
> 	Subsystem: Dell Latitude E7470 [1028:06dc]
> 	Kernel driver in use: proc_thermal
> 	Kernel modules: processor_thermal_device_pci_legacy
> 00:14.0 USB controller [0c03]: Intel Corporation Sunrise Point-LP USB 
> 3.0 xHCI Controller [8086:9d2f] (rev 21)
> 	Subsystem: Dell Latitude E7470 [1028:06dc]
> 	Kernel driver in use: xhci_hcd
> 	Kernel modules: xhci_pci
> 00:14.2 Signal processing controller [1180]: Intel Corporation 
> Sunrise Point-LP Thermal subsystem [8086:9d31] (rev 21)
> 	Subsystem: Dell Latitude E7470 [1028:06dc]
> 	Kernel driver in use: intel_pch_thermal
> 	Kernel modules: intel_pch_thermal
> 00:16.0 Communication controller [0780]: Intel Corporation Sunrise 
> Point-LP CSME HECI #1 [8086:9d3a] (rev 21)
> 	Subsystem: Dell Latitude E7470 [1028:06dc]
> 	Kernel driver in use: mei_me
> 	Kernel modules: mei_me
> 00:16.3 Serial controller [0700]: Intel Corporation Sunrise Point-LP 
> Active Management Technology - SOL [8086:9d3d] (rev 21)
> 	Subsystem: Dell Sunrise Point-LP Active Management Technology - SOL 
> [1028:06dc]
> 	Kernel driver in use: serial
> 00:17.0 SATA controller [0106]: Intel Corporation Sunrise Point-LP 
> SATA Controller [AHCI mode] [8086:9d03] (rev 21)
> 	Subsystem: Dell Latitude E7470 [1028:06dc]
> 	Kernel driver in use: ahci
> 	Kernel modules: ahci
> 00:1c.0 PCI bridge [0604]: Intel Corporation Sunrise Point-LP PCI 
> Express Root Port #5 [8086:9d14] (rev f1)
> 	Subsystem: Dell Sunrise Point-LP PCI Express Root Port [1028:06dc]
> 	Kernel driver in use: pcieport
> 00:1d.0 PCI bridge [0604]: Intel Corporation Sunrise Point-LP PCI 
> Express Root Port #9 [8086:9d18] (rev f1)
> 	Subsystem: Dell Sunrise Point-LP PCI Express Root Port [1028:06dc]
> 	Kernel driver in use: pcieport
> 00:1d.2 PCI bridge [0604]: Intel Corporation Sunrise Point-LP PCI 
> Express Root Port #11 [8086:9d1a] (rev f1)
> 	Subsystem: Dell Sunrise Point-LP PCI Express Root Port [1028:06dc]
> 	Kernel driver in use: pcieport
> 00:1f.0 ISA bridge [0601]: Intel Corporation Sunrise Point-LP LPC 
> Controller [8086:9d48] (rev 21)
> 	Subsystem: Dell Latitude E7470 [1028:06dc]
> 00:1f.2 Memory controller [0580]: Intel Corporation Sunrise Point-LP 
> PMC [8086:9d21] (rev 21)
> 	Subsystem: Dell Latitude E7470 [1028:06dc]
> 00:1f.3 Audio device [0403]: Intel Corporation Sunrise Point-LP HD 
> Audio [8086:9d70] (rev 21)
> 	Subsystem: Dell Latitude E7470 [1028:06dc]
> 	Kernel driver in use: snd_hda_intel
> 	Kernel modules: snd_hda_intel, snd_soc_skl, snd_sof_pci_intel_skl
> 00:1f.4 SMBus [0c05]: Intel Corporation Sunrise Point-LP SMBus 
> [8086:9d23] (rev 21)
> 	Subsystem: Dell Latitude E7470 [1028:06dc]
> 	Kernel driver in use: i801_smbus
> 	Kernel modules: i2c_i801
> 00:1f.6 Ethernet controller [0200]: Intel Corporation Ethernet 
> Connection I219-LM [8086:156f] (rev 21)
> 	Subsystem: Dell Latitude E7470 [1028:06dc]
> 	Kernel driver in use: e1000e
> 	Kernel modules: e1000e
> 01:00.0 Network controller [0280]: Intel Corporation Wireless 7265 
> [8086:095a] (rev 59)
> 	Subsystem: Intel Corporation Dual Band Wireless-AC 7265 [8086:5410]
> 	Kernel driver in use: iwlwifi
> 	Kernel modules: iwlwifi
> 02:00.0 Non-Volatile memory controller [0108]: Micron Technology Inc 
> Device [1344:5410] (rev 01)
> 	Subsystem: Micron Technology Inc Device [1344:0100]
> 	Kernel driver in use: nvme
> 	Kernel modules: nvme
> 03:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. 
> RTS525A PCI Express Card Reader [10ec:525a] (rev 01)
> 	Subsystem: Dell Latitude E7470 [1028:06dc]
> 	Kernel driver in use: rtsx_pci
> 	Kernel modules: rtsx_pci
>
>
> Base System Installation Checklist:
> [O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it
>
> Initial boot:           [O]
> Detect network card:    [O]
> Configure network:      [O]
> Detect media:           [O]
> Load installer modules: [O]
> Detect hard drives:     [O]
> Partition hard drives:  [E]
> Install base system:    [O]
> Clock/timezone setup:   [O]
> User/password setup:    [O]
> Install tasks:          [O]
> Install boot loader:    [O]
> Overall install:        [O]
>
> Comments/Problems:
>
>
> With my first install on this machine (submitted separately with a 
> cleaned up process as #1033686), I was planning to use full-disk 
> encryption. However, erasing the root partition took way too long; 
> after 10 mins I gave up, canceled it, hit the back button, and 
> installed the machine with unencrypted partitions.
>
> Specifically, the wiping process to prevent meta-information leaks is 
> so painfully slow that it changed my decision around system security 
> of a new install. An attempt to make a new install more secure 
> (guarding against meta-info leaks) resulted in an overall *less 
> secure* installation (giving up on even using full disk encryption). 
> I don't know if it's pulling random info from /dev/random when it 
> might be better off using /dev/urandom, or there should be a message 
> telling the user to wiggle the mouse/hit keys to speed up the wiping 
> process, or my NVMe drive is just really slow and there should be an 
> option to skip the step or what, but it seems like an important issue 
> to address.
>
> In addition to the long wait, the (english) message for this wiping 
> step is messed up; I've attached a picture. It says it is running "to 
> prevent meta-information leaks from" and then what looks like a red 
> upside-down exclamation mark.
>
> For this install, I ran a stopwatch while partman did its wiping of 
> the partition. It took 23 minutes and 13 seconds to wipe a roughly 
> 255gb partition. That's for that step alone; the total rest of the 
> install (which included installing the base system and gnome) took 
> less than 10 mins including pauses for user prompts.
>
>
>
>
> /var/log/installer is attached in installer.tar.gz.