Re: Encrypting an External HDD
On Thu, Apr 16, 2015, at 16:31, ken wrote:
> After thinking about it, and remembering that partitioning also detects
> and marks bad blocks, I was then wondering if this was done also by the
> writing of LUKS container alone. Anyone know?
The typical install will have the LUKS container (actually, dmcrypt) doing nothing as far as badblocks are concerned. Whatever filesystem is inside the LUKS container will have to do badblock handling, and avoid trying to write to a badblock.
This would also mean it is impossible to have a LUKS container where there is a badblock is in a LUKS metadata area, and if one shows up there, well...
Basically, nowadays the underlying device has to deal with badblocks and remap those itself (all ATA/SATA/SSD devices do this).
You _can_ skip over badblocks in the device mapper setup that actually implements the encrypted device as far as the kernel is concerned. I have no idea if cryptsetup (which reads the LUKS metadata and sets up the dm-crypt map) can deal with this, but it doesn't look like it.
There is an alternative using another device mapper layer between the dm-crypt device created by cryptsetup, and the real storage device. It is not likely to be supported by stock Debian initramfs-tools, so it is very likely in the "don't bother, not worth the trouble" side of the fence.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique de Moraes Holschuh <hmh@debian.org>
Reply to: