Re: Aw: Re: [opensuse-factory] time to unlock fully encrypted partition

W dniu 08.03.2020 o 17:39, Axel Braun pisze:
Hello Adam,

Gesendet: Sonntag, 08. März 2020 um 14:30 Uhr
Von: "Adam Mizerski" <adam@xxxxxxxxxxx>
An: opensuse-factory@xxxxxxxxxxxx
Betreff: Re: [opensuse-factory] time to unlock fully encrypted partition

W dniu 08.03.2020 o 14:10, Axel Braun pisze:

I have a new TW installation with a 940GB encrypted root partition
(including /boot, excluding /boot/efi).
When starting the machine, grub asks in text mode for the passphrase.
After entering the passphrase, it takes about 20s until the graphical boot
screen appears.

I feel this is much too long....

Has anyone a similar experience?

This might be useful:

Indeed interesting.
This is what it looks:

X1E:/home/test # lsblk
nvme0n1 259:0 0 953,9G 0 disk
├─nvme0n1p1 259:1 0 500M 0 part /boot/efi
├─nvme0n1p2 259:2 0 937G 0 part
│ └─cr_root 254:0 0 937G 0 crypt /
└─nvme0n1p3 259:3 0 16,4G 0 part [SWAP]

linux:/home/test # cryptsetup luksDump /dev/nvme0n1p2
LUKS header information for /dev/nvme0n1p2

Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha256
Payload offset: 4096
MK bits: 512
MK digest: c3 b3 b9 a1 4b cd 08 8d 93 47 59 be f1 b8 f3 24 5f ae 81 75
MK salt: 8b 87 eb c4 bd 43 4e af 57 ef eb 9f 3c 38 a9 8a
f4 c5 63 2f 1b f6 98 1a 49 62 36 e0 9e 12 8a db
MK iterations: 153840
UUID: 720864c9-f8ed-405e-9a17-ccfa1d2f347b

Key Slot 0: ENABLED
Iterations: 1229280
Salt: 5f 9b 38 6b 29 b4 2e b0 80 35 c5 bd 88 9f 77
29 6c 34 00 54 3c af a5 5a d4 f6 15 7e e4 8d
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Following the reading above, the hash of 256 should be OK. I reduced the
itercounts to 1000 (ms), that reduced it to 13s

The size of disk is not important. 20 seconds is indeed too long. What
CPU do you have?

Processors: 12 × Intel® Core™ i7-9750H CPU @ 2.60GHz
Memory: 15,4 GiB

(I guess this is not the problem)


I've found this:

Did you install using BIOS or UEFI? Decryption can take a long time when
using BIOS because limited system resources are available. It takes
around 20 seconds for decryption if I install using BIOS. UEFI is much
quicker, but even that isn't instant.

